
Severe vulnerability in the Spring Framework

 

A critical 0-Day RCE vulnerability in the Spring Web application framework became public on March 30 [see CVE-2022-22965 and https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement]. We highly recommend patching Spring Web application servers immediately and monitoring them closely.

Compromised servers are likely to be used as relays and as an entry point for various attacks against corporate networks, such as ransomware attacks. Besides relying on ExeonTrace’s automated detection, Exeon’s customers can retrospectively check the network behaviour of potentially vulnerable servers using the “Client server pairs” visualization, as outlined in our previous post on the detection of Log4j.
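
For teams that only have raw flow records, the same kind of retrospective check can be approximated as follows. This is an added example, not ExeonTrace's detection logic or code from Exeon; the record layout, the function name `new_pairs_after` and all addresses are assumptions constructed for illustration. It lists client/server pairs involving a potentially vulnerable server that first appear on or after the disclosure date, with pairs where the server itself acts as a client (relay-like behaviour) listed first.

```python
from datetime import datetime

# Public disclosure date given in the advisory (March 30, 2022).
DISCLOSURE = datetime(2022, 3, 30)

# Constructed sample flow records: (timestamp, client_ip, server_ip, server_port).
# All addresses are private or documentation ranges chosen for illustration.
FLOWS = [
    ("2022-03-21T09:12:00", "10.0.5.23", "10.0.1.10", 8080),     # user -> Spring app
    ("2022-03-22T02:00:00", "10.0.1.10", "10.0.2.5", 5432),      # app -> its database
    ("2022-03-31T02:00:00", "10.0.1.10", "10.0.2.5", 5432),      # same pair, baseline
    ("2022-03-31T03:41:00", "198.51.100.7", "10.0.1.10", 8080),  # new external client
    ("2022-03-31T03:44:00", "10.0.1.10", "203.0.113.50", 4444),  # app as client, new peer
    ("2022-03-31T03:52:00", "10.0.1.10", "10.0.3.17", 445),      # app as client, internal
]

def new_pairs_after(flows, servers, cutoff=DISCLOSURE):
    """Return client/server pairs involving `servers` first seen on or after `cutoff`.

    Each finding is (role, client, server, port, first_seen). Role is 'outbound'
    when the monitored server initiated the connection and 'inbound' when it was
    contacted by a client/port combination not seen before the cutoff.
    """
    first_seen = {}
    for ts, client, server, port in flows:
        t = datetime.fromisoformat(ts)
        key = (client, server, port)
        if key not in first_seen or t < first_seen[key]:
            first_seen[key] = t
    findings = []
    for (client, server, port), t in first_seen.items():
        if t < cutoff:
            continue  # pair already existed before disclosure: part of the baseline
        if client in servers:
            findings.append(("outbound", client, server, port, t))
        elif server in servers:
            findings.append(("inbound", client, server, port, t))
    # Outbound pairs first: a server that starts acting as a client is the stronger signal.
    return sorted(findings, key=lambda f: (f[0] != "outbound", f[4]))

if __name__ == "__main__":
    for role, client, server, port, t in new_pairs_after(FLOWS, {"10.0.1.10"}):
        print(f"{t.isoformat()} {role:8} {client} -> {server}:{port}")
```

New inbound pairs are expected on any public-facing server, so they serve mainly as context for the outbound findings that follow them in time.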

The ExeonTrace NDR solution itself doesn’t use Spring and is therefore unaffected by the vulnerability.

[Source: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement]

The author: David Gugelmann is Founder and CEO of Exeon.
