New Zero-Day Vulnerability in Spring
Recently, researchers found a critical vulnerability in Spring, an open-source framework for the Java platform. The vulnerability was named Spring4Shell (CVE-2022-22965), echoing the infamous Log4j vulnerability (CVE-2021-44228).
DataSunrise is aware of the recent disclosure of this security concern and its worldwide exploitation. We are actively monitoring this issue, even though our product has not been affected.
We hereby confirm that DataSunrise software was not affected by this security issue. DataSunrise does not use the affected Spring Core in its software or anywhere else.
The Spring4Shell vulnerability lets attackers remotely execute malicious code under some conditions, but there are other possible ways of exploiting it.
First of all, we encourage you to check all your environments that contain, or might contain, the Spring framework. To remediate, please update Spring to the fixed versions 5.3.18 or 5.2.20, and check the Spring site for possible workarounds.
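One way to carry out the environment check described above, as an added example that is not DataSunrise's or the Spring project's code: it walks a directory tree, finds Spring JARs on disk or bundled inside WAR/EAR/fat-JAR archives, and compares each version with 5.3.18 and 5.2.20. It assumes Maven-style file names such as `spring-core-5.3.17.jar` and the artifact list in `JAR_RE`; renamed or shaded JARs will not be found, and the status labels are this example's own.

```python
import re
import sys
import zipfile
from pathlib import Path

# Fixed releases named in the advisory, keyed by release line.
FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}
# Assumption: artifacts keep Maven-style names such as spring-core-5.3.17.jar.
JAR_RE = re.compile(r"(spring-(?:core|beans|webmvc|webflux))-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")
ARCHIVES = {".jar", ".war", ".ear"}

def classify(name):
    """Return (artifact, version, status) for a Spring JAR name, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    version = tuple(int(x) for x in m.groups()[1:])
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Newer lines postdate the fix; older lines have no fix listed here.
        status = "patched" if version[:2] > (5, 3) else "review"
    else:
        status = "patched" if version >= fixed else "update"
    return m.group(1), ".".join(map(str, version)), status

def scan_archive(path):
    """Return findings for Spring JARs bundled inside a WAR/EAR/fat JAR."""
    try:
        with zipfile.ZipFile(path) as zf:
            hits = [(e, classify(e)) for e in zf.namelist()]
    except (zipfile.BadZipFile, OSError):
        return []  # unreadable or not a real archive: skip it
    return [(f"{path}!{e}", *h) for e, h in hits if h]

def scan(root):
    """Walk root and report every Spring JAR found on disk or nested."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() not in ARCHIVES or not path.is_file():
            continue
        hit = classify(path.name)
        if hit:
            findings.append((str(path), *hit))
        findings.extend(scan_archive(path))
    return findings

if __name__ == "__main__":
    for location, artifact, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:8} {artifact} {version}  {location}")
```

Run it with the directory to inspect as the only argument; entries marked `update` are below the fixed release of their line, and `review` marks release lines for which this advisory lists no fixed version.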
If you need any additional details or help, please contact our Support Team.