Pharos software is NOT susceptible to the new Text2Shell vulnerability
Background
Recently, a security vulnerability was discovered inside the Apache tool Text2Shell
CVE-2022-42889: https://nvd.nist.gov/vuln/detail/CVE-2022-42889
The vulnerability is rated as “Critical” because it allows remote execution of Javascript on application servers.
The vulnerability exists within versions 1.5 - 1.9 of Text2Shell. Administrators are urged to upgrade to version 1.10.
Many organizations, including Pharos customers, are urgently investigating where this tool is used and how to update/repair those instances.
Pharos Software and Text2Shell
Pharos has reviewed all our software, 3rd party tools/libraries, internal infrastructure and cloud infrastructure and can confirm that we do not use the Text2Shell tool anywhere.