It is informed that the Spring4Shell (CVE-2022-22965) vulnerability is actively being exploited in large numbers. We would like to know if the IFS systems are vulnerable to this exploit and if yes if mitigation measures have been taken.
Answer
Spring4Shell (CVE-2022-22965)
Same question arises from us on App10 (seeing that on only App 9 is tagged), and probably from customers all other versions.
A couple of links for those who are not aware of the issue with Spring4Shell
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Patch finally released for Spring4Shell zero-day | IT PRO
Bjørn T. Hetland
Can we get an official answer for this please?
Would like to know as well. Apps 9. Group IT Security Department are getting hot and sweaty over it.
I know IFS RnD is working with it, and has done for a couple of days. Would be nice if they can post here with status as of now a roughly how long until they expect to be done..
Bjørn T. Hetland
Hello, I have been trying to get a definitive answer from IFS for a few days now, but none are forthcoming.
I rang my account manager on Friday 8th April and followed this up with an e-mail to them, and another e-mail to another contact I have.
Fingers crossed, this may help everyone.
Best regards
Richard.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.