DataSunrise Security is sponsoring AWS Re:Invent in Las Vegas, please visit us in DataSunrise’s booth at Re:Invent

New Zero-Day Vulnerability in Spring

New Zero-Day Vulnerability in Spring

Recently, researchers found a critical vulnerability in Spring, an open-source framework for the Java platform. This vulnerability was named as Spring4Shell (CVE-2022-22965) in tune with the infamous Log4j (CVE-2021-44228).

DataSunrise is aware of the recent disclosure of this security concern and its worldwide exploitation. We are actively monitoring this issue, even though our product has not been affected.

Hereby, we confirm that DataSunrise software was not affected by this security issue. DataSunrise does not use affected Spring Core in the software or anywhere.

Spring4Shell vulnerability lets attackers remotely execute malicious code under some conditions. But there are other possible ways of exploiting this vulnerability.

First of all, we encourage you to check all your environments that contain or possibly contain the Spring framework. For security and remediation steps, please update Spring to secure versions 5.3.18 or 5.2.20 and check its site for the possible workarounds.

If you need any additional details or help, please contact our Support Team.

Next

The Difference Between Data Protection and Data Privacy

The Difference Between Data Protection and Data Privacy

Learn More

Need Our Support Team Help?

Our experts will be glad to answer your questions.

General information:
[email protected]
Customer Service and Technical Support:
support.datasunrise.com
Partnership and Alliance Inquiries:
[email protected]