Published on Apr 5, 2022
New vulnerability: on 03/31 a new critical vulnerability CVE-2022-22965 (so-called Spring4Shell) with working exploits was published in the Java framework Spring.
This vulnerability affects Java 9+ applications based on the well-known Spring framework (mainly on Tomcat servers).
An affected product may be vulnerable to remote Code Execution (RCE) which potentially allows attackers to execute arbitrary code remotely. All WEBfactory products confirmed unaffected by Spring4Shell vulnerabilities.
All versions of the following products are not vulnerable:
For more information, check out this blog post from Spring: