Solved

Spring4Shell (CVE-2022-22965)

  • 4 April 2022
  • 8 replies
  • 514 views

Userlevel 2
Badge

It is informed that the Spring4Shell (CVE-2022-22965) vulnerability is actively being exploited in large numbers. We would like to know if the IFS systems are vulnerable to this exploit and, if yes, if mitigation measures have been taken.


Best answer by Markus Sandin 11 April 2022, 17:20


Userlevel 1
Badge +3

Same question arises from us on App10 (seeing that only App 9 is tagged), and probably from customers on all other versions.

A couple of links for those who are not aware of the issue with Spring4Shell:

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Patch finally released for Spring4Shell zero-day | IT PRO

Badge +2

Same question again: is IFS Cloud impacted by the Spring4Shell vulnerability?

Can we get an official answer for this please?

Badge +1

In addition to the latest IFSCloud: is the latest PSO version affected?

Userlevel 5
Badge +10

Would like to know as well. Apps 9. Group IT Security Department are getting hot and sweaty over it.

Userlevel 1
Badge +3

I know IFS RnD is working with it, and has done for a couple of days. Would be nice if they can post here with status as of now and roughly how long until they expect to be done.

Userlevel 1
Badge +4

Hello, I have been trying to get a definitive answer from IFS for a few days now, but none are forthcoming.

I rang my account manager on Friday 8th April and followed this up with an e-mail to them, and another e-mail to another contact I have.

Fingers crossed, this may help everyone.

Best regards

Richard.

Userlevel 4
Badge +9

Hey everyone,

IFS has now concluded an extensive assessment against all our supported products, with the result that none are found to be affected by the Spring4Shell (CVE-2022-22965) vulnerability.

Best Regards
Markus Sandin - VP Infrastructure 
