Skip to main content
Solved

Spring4Shell (CVE-2022-22965)

S
Do Gooder (Partner)
Forum|alt.badge.img

It is informed that the Spring4Shell (CVE-2022-22965) vulnerability is actively being exploited in large numbers. We would  like to know if the IFS systems are vulnerable to this exploit and if yes if mitigation measures have been taken.

Best answer by Markus Sandin

Hey everyone,

IFS has now concluded an extensive assessment against all our supported products with result that none are found to be affected by the Spring4Shell (CVE-2022-22965) vulnerability

Best Regards
Markus Sandin - VP Infrastructure 

View original
Did this topic help you find an answer to your question?

8 replies

B
Do Gooder (Customer)
Forum|alt.badge.img+3
  • BjornH
  • Do Gooder (Customer)
  • 19 replies
  • April 4, 2022

Same question arises from us on App10 (seeing that on only App 9 is tagged), and probably from customers all other versions.

 

A couple of links for those who are not aware of the issue with Spring4Shell 

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Patch finally released for Spring4Shell zero-day | IT PRO

 

Bjørn T. Hetland
Novishan Dissanayake
1 person likes this
  • Novishan Dissanayake
    Novishan Dissanayake
E
Do Gooder (Customer)
Forum|alt.badge.img+2
  • Emma.Carter
  • Do Gooder (Customer)
  • 3 replies
  • April 6, 2022

Same question again, is IFS Cloud impacted by the Spring4Shell vulnerability?

Novishan Dissanayake
T
2 people like this
  • Novishan Dissanayake
    Novishan Dissanayake
  • T
    Tim Schmitz
Tharindu
Hero (Employee)
  • Tharindu
  • Hero (Employee)
  • 66 replies
  • April 6, 2022

Can we get an official answer for this please?

Novishan Dissanayake
1 person likes this
  • Novishan Dissanayake
    Novishan Dissanayake
T
Do Gooder (Customer)
Forum|alt.badge.img+1
  • Tim Schmitz
  • Do Gooder (Customer)
  • 1 reply
  • April 6, 2022

In addition to latest IFSCloud: is the latest PSO version affected?

Novishan Dissanayake
1 person likes this
  • Novishan Dissanayake
    Novishan Dissanayake
M
Sidekick (Customer)
Forum|alt.badge.img+10
  • Matthew
  • Sidekick (Customer)
  • 166 replies
  • April 7, 2022

Would like to know as well. Apps 9. Group IT Security Department are getting hot and sweaty over it.

Novishan Dissanayake
1 person likes this
  • Novishan Dissanayake
    Novishan Dissanayake
B
Do Gooder (Customer)
Forum|alt.badge.img+3
  • BjornH
  • Do Gooder (Customer)
  • 19 replies
  • April 8, 2022

I know IFS RnD is working with it, and has done for a couple of days. Would be nice if they can post here with status as of now a roughly how long until they expect to be done..

Bjørn T. Hetland
Novishan Dissanayake
1 person likes this
  • Novishan Dissanayake
    Novishan Dissanayake
R
Do Gooder (Customer)
Forum|alt.badge.img+4
  • RichardM
  • Do Gooder (Customer)
  • 8 replies
  • April 11, 2022

Hello, I have been trying to get a definitive answer from IFS for a few days now, but none are forthcoming.

I rang my account manager on Friday 8th April and followed this up with an e-mail to them, and another e-mail to another contact I have.

 

Fingers crossed, this may help everyone.

 

Best regards

Richard.

Azelle
S
2 people like this
  • Azelle
    Azelle
  • S
    Sandeep
Markus Sandin
Hero (Employee)
Forum|alt.badge.img+9
  • Markus Sandin
  • Hero (Employee)
  • 51 replies
  • Answer
  • April 11, 2022

Hey everyone,

IFS has now concluded an extensive assessment against all our supported products with result that none are found to be affected by the Spring4Shell (CVE-2022-22965) vulnerability

Best Regards
Markus Sandin - VP Infrastructure 

Novishan Dissanayake
Azelle
B
6 people like this
  • Novishan Dissanayake
    Novishan Dissanayake
  • Azelle
    Azelle
  • B
    BjornH
  • R
    RichardM
  • S
    Sandeep
  • T
    Tim Schmitz

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings