- 05 Apr 2024
Impact of Java Spring Framework Vulnerabilities on Pharos - April 2022
- Updated on 05 Apr 2024
Pharos products are not impacted by Java Spring framework vulnerabilities.
Two new vulnerabilities have been discovered in Java's Spring framework. The Spring framework ( https://spring.io ) is a set of tools that simplify and speed up the delivery of applications.
CVE-2022-22963 ( https://nvd.nist.gov/vuln/detail/CVE-2022-22963 ) is a new critical RCE (Remote Code Execution) vulnerability.
CVE-2022-22965 ( https://nvd.nist.gov/vuln/detail/CVE-2022-22965 , with detailed information here: https://www.trustedsec.com/blog/cve-2022-22965-spring4shell-vulnerability/ ) is a vulnerability in Spring Core that could lead to unauthenticated RCE. Some have named it "Spring4Shell".
Pharos does not use the Java Spring framework in any Pharos product, in Pharos Cloud, or in Pharos internal infrastructure. Therefore, Pharos and its products are not susceptible to this Java Spring vulnerability.
Pharos will continue to monitor its vendors and suppliers for susceptibility, although none have reported issues to date.