It is informed that the Spring4Shell (CVE-2022-22965) vulnerability is actively being exploited in large numbers. We would like to know if the IFS systems are vulnerable to this exploit and if yes if mitigation measures have been taken.
Solved
Spring4Shell (CVE-2022-22965)
Best answer by Markus Sandin
Hey everyone,
IFS has now concluded an extensive assessment against all our supported products with result that none are found to be affected by the Spring4Shell (CVE-2022-22965) vulnerability
Best Regards
Markus Sandin - VP Infrastructure
Same question arises from us on App10 (seeing that on only App 9 is tagged), and probably from customers all other versions.
A couple of links for those who are not aware of the issue with Spring4Shell
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Patch finally released for Spring4Shell zero-day | IT PRO
Can we get an official answer for this please?
Would like to know as well. Apps 9. Group IT Security Department are getting hot and sweaty over it.
I know IFS RnD is working with it, and has done for a couple of days. Would be nice if they can post here with status as of now a roughly how long until they expect to be done..
Hello, I have been trying to get a definitive answer from IFS for a few days now, but none are forthcoming.
I rang my account manager on Friday 8th April and followed this up with an e-mail to them, and another e-mail to another contact I have.
Fingers crossed, this may help everyone.
Best regards
Richard.
+9Hey everyone,
IFS has now concluded an extensive assessment against all our supported products with result that none are found to be affected by the Spring4Shell (CVE-2022-22965) vulnerability
Best Regards
Markus Sandin - VP Infrastructure
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.