A critical 0-day RCE vulnerability in the Spring Web application framework became public on March 30 (see CVE-2022-22965 and https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement). Patching Spring Web application servers immediately and monitoring them closely is highly recommended.
Compromised servers are likely to be used as relays and as an entry point for various attacks against corporate networks, such as ransomware attacks. Besides relying on ExeonTrace’s automated detection, Exeon’s customers can retrospectively check the network behaviour of potentially vulnerable servers using the “Client server pairs” visualization, as outlined in our previous post on the detection of Log4j.
The ExeonTrace NDR solution itself doesn’t use Spring and is therefore unaffected by the vulnerability.
About the author: David Gugelmann is Founder and CEO of Exeon.