Impact of Java Spring Framework Vulnerabilities on Pharos
  • 05 Apr 2024


Pharos products are not impacted by Java Spring framework vulnerabilities.

Two new vulnerabilities have been discovered in Java's Spring framework. The Spring framework (https://spring.io) is a set of tools to simplify and speed up the delivery of applications.

CVE-2022-22963 (https://nvd.nist.gov/vuln/detail/CVE-2022-22963) is a new critical RCE (Remote Code Execution) vulnerability.

CVE-2022-22965 (https://nvd.nist.gov/vuln/detail/CVE-2022-22965, with detailed information here: https://www.trustedsec.com/blog/cve-2022-22965-spring4shell-vulnerability/) is a vulnerability in Spring Core that could lead to unauthenticated RCE. Some have named it "Spring4Shell".

Pharos does not use the Java Spring framework in any Pharos product, in Pharos Cloud, or in Pharos internal infrastructure. Therefore, Pharos and its products are not susceptible to these Java Spring vulnerabilities.

Pharos will continue to monitor its vendors and suppliers for susceptibility, although none have reported issues to date.

