Note on Java Vulnerability Spring4Shell

WEBfactory products confirmed unaffected by Spring4Shell vulnerabilities.

Published on Apr 5, 2022

Overview

New vulnerability: on 03/31 a new critical vulnerability, CVE-2022-22965 (the so-called Spring4Shell), for which working exploits already exist, was published for the Java framework Spring.
It affects applications running on Java 9 or later that are built on the widely used Spring framework (mainly when deployed on Tomcat servers).

Impact

An affected product may be vulnerable to Remote Code Execution (RCE), which would allow attackers to execute arbitrary code on the system remotely. All WEBfactory products have been confirmed unaffected by the Spring4Shell vulnerability.

No version of the following products is vulnerable:

  • WEBfactory 2006
  • WEBfactory 2010
  • i4SCADA
  • i4BACnet
  • i4connected
  • i4HMI
  • i4designer

The most important recommendation for anyone using the Spring framework is to upgrade to the patched versions, 5.3.18 or 5.2.20.
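As a practical way to act on that recommendation, the following added script (not WEBfactory's or Spring's own code) scans a Maven dependency listing and flags org.springframework artifacts whose version is below the patched release on their line, 5.3.18 for 5.3.x and 5.2.20 for 5.2.x. It assumes dependency lines in the group:artifact:type:version:scope form printed by `mvn dependency:list`; the sample listing is constructed, and the treatment of versions outside the 5.2 and 5.3 lines (newer than 5.3.18 counted as patched, older than 5.2 counted as not patched) is an assumption, since the advisory names fixes only for those two lines.

```python
"""Flag Spring Framework dependencies below the patched versions named in the advisory.

Added example, not WEBfactory's or Spring's code. It assumes Maven-style
dependency lines of the form group:artifact:type:version:scope, as printed by
`mvn dependency:list`; the sample input below is constructed.
"""
import re
from typing import Dict, List, Tuple

# Patched versions from the advisory: 5.3.18 on the 5.3 line, 5.2.20 on the 5.2 line.
PATCHED: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (5, 3): (5, 3, 18),
    (5, 2): (5, 2, 20),
}

# Core Spring Framework artifacts share the framework version number under this group.
# Spring Boot (org.springframework.boot) has its own numbering and is deliberately skipped.
SPRING_GROUP = "org.springframework"

# group:artifact:type:version:scope, optionally prefixed with Maven's "[INFO]" marker.
DEP_LINE = re.compile(
    r"^\s*(?:\[INFO\]\s*)?([\w.-]+):([\w.-]+):([\w-]+):([\w.-]+):(\w+)\s*$"
)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '5.3.17', '5.2.19.RELEASE' or '5.3.18.RELEASE' into a numeric triple."""
    nums = [int(p) for p in re.findall(r"\d+", text)[:3]]
    while len(nums) < 3:
        nums.append(0)
    return (nums[0], nums[1], nums[2])


def assess(version: str) -> str:
    """Return 'patched' or 'vulnerable' for a Spring Framework version string."""
    v = parse_version(version)
    fixed = PATCHED.get((v[0], v[1]))
    if fixed is None:
        # Assumption: the advisory names fixes only on the 5.2 and 5.3 lines, so a
        # version newer than 5.3.18 is taken as carrying the fix and anything
        # older than 5.2 as not carrying it.
        return "patched" if v >= (5, 3, 18) else "vulnerable"
    return "patched" if v >= fixed else "vulnerable"


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (artifact, version, verdict) for each org.springframework dependency."""
    findings: List[Tuple[str, str, str]] = []
    for line in lines:
        m = DEP_LINE.match(line)
        if not m:
            continue  # not a dependency line (or has a classifier field); skipped
        group, artifact, _type, version, _scope = m.groups()
        if group != SPRING_GROUP:
            continue
        findings.append((artifact, version, assess(version)))
    return findings


# Constructed sample in the style of `mvn dependency:list` output.
SAMPLE = """
[INFO]    org.springframework:spring-beans:jar:5.3.17:compile
[INFO]    org.springframework:spring-webmvc:jar:5.3.17:compile
[INFO]    org.springframework:spring-core:jar:5.2.20.RELEASE:compile
[INFO]    org.springframework.boot:spring-boot:jar:2.6.5:compile
[INFO]    org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.60:compile
""".strip().splitlines()

if __name__ == "__main__":
    for artifact, version, verdict in scan(SAMPLE):
        print(f"{artifact:16} {version:18} {verdict}")
```

Run it against the real listing by piping `mvn dependency:list` into the script in place of SAMPLE; any line reported as vulnerable names an artifact that should be moved to 5.3.18 or 5.2.20.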

For more information, check out this blog post from Spring: