Spring4Shell Vulnerability Update

Updated on: Nov 27, 2024

This is a memo from Hyperproof’s Security team written on March 31, 2022. For additional questions, please contact the Hyperproof Security Team at [email protected]

Summary of vulnerability

A remote code execution vulnerability in Spring Cloud Foundation was published on Tuesday, March 29, 2022, and was upgraded to Critical on Thursday, March 31, 2022. Under certain circumstances, it was possible to execute code on a server running Spring Cloud Foundation using a specially crafted request.

Detection of vulnerability

Hyperproof’s Security Team was notified of this vulnerability by our automated vulnerability scanning tools shortly after it was upgraded to Critical on Thursday, March 31, 2022.

Investigation details

The Hyperproof engineering team was immediately engaged and confirmed that Hyperproof is not vulnerable to this issue.

We determined that our existing defense-in-depth controls for API and data access mitigate the possibility of this vulnerability being triggered. Hyperproof’s internal security firewalls and service APIs utilize least-privileged access controls for all resources and APIs. The vulnerable resources were blocked at multiple levels in Hyperproof’s infrastructure, mitigating this vulnerability.

Remediation actions

In an abundance of caution, Hyperproof has updated our Java services from Spring Framework 5.3.16 to 5.3.18 and will continue to monitor this issue.
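The remediation above is a version bump, and the check a practitioner wants afterwards is whether every Spring Framework module in a build actually sits at or above the fixed release. The script below is an added example, not Hyperproof's code: it parses Maven-style dependency coordinates (constructed sample lines, in the format `mvn dependency:list` prints) and flags any `org.springframework:spring-*` artifact below 5.3.18, the fixed version named in this memo. It compares versions numerically rather than as strings, so `5.3.9` is correctly ranked below `5.3.18`, and it reports lines it has no floor for (such as 5.2.x, which the memo does not cover) as needing manual review instead of silently passing them.

```python
"""Added example (not Hyperproof's code): flag Spring Framework artifacts
below the fixed release named in the memo, 5.3.18."""
import re
from typing import Dict, List, Optional, Tuple

# Minimum fixed version per minor line. Only the 5.3 line comes from the memo;
# any other line is treated as "unknown" and surfaced for manual review.
FIXED_VERSIONS: Dict[Tuple[int, ...], Tuple[int, ...]] = {
    (5, 3): (5, 3, 18),
}

# Matches coordinate lines such as
#   [INFO]    org.springframework:spring-core:jar:5.3.16:compile
#   org.springframework:spring-core:5.3.18
COORD_RE = re.compile(
    r"^\s*(?:\[INFO\]\s+)?"      # optional Maven log prefix
    r"([A-Za-z0-9_.\-]+):"       # groupId
    r"([A-Za-z0-9_.\-]+):"       # artifactId
    r"(?:[A-Za-z0-9_\-]+:)?"     # optional packaging, e.g. "jar:"
    r"([0-9][A-Za-z0-9_.\-]*)"   # version (must start with a digit)
    r"(?::[A-Za-z]+)?\s*$"       # optional scope, e.g. ":compile"
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.3.16' or '5.3.16.RELEASE' into a numeric tuple.
    Numeric tuples compare correctly; plain string comparison would
    rank '5.3.9' above '5.3.18'."""
    parts: List[int] = []
    for piece in version.split("."):
        if not piece.isdigit():
            break  # stop at qualifiers such as RELEASE or SNAPSHOT
        parts.append(int(piece))
    return tuple(parts)


def assess(group: str, artifact: str, version: str) -> Optional[str]:
    """Return a finding for a Spring Framework module below the fixed
    version (or on a line with no known floor); None if it is fine or
    not a Spring Framework module at all."""
    if group != "org.springframework" or not artifact.startswith("spring-"):
        return None
    parsed = parse_version(version)
    line = parsed[:2]
    floor = FIXED_VERSIONS.get(line)
    if floor is None:
        return (f"{artifact} {version}: no fixed version known for the "
                f"{'.'.join(map(str, line))} line, review manually")
    if parsed < floor:
        return (f"{artifact} {version}: below fixed version "
                f"{'.'.join(map(str, floor))}")
    return None


def scan_dependency_list(text: str) -> List[str]:
    """Run assess() over every coordinate line in a dependency listing."""
    findings: List[str] = []
    for raw in text.splitlines():
        match = COORD_RE.match(raw)
        if not match:
            continue  # headers and non-coordinate log lines
        finding = assess(*match.groups())
        if finding:
            findings.append(finding)
    return findings


# Constructed sample of `mvn dependency:list` output (not real project data).
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-core:jar:5.3.16:compile
[INFO]    org.springframework:spring-webmvc:jar:5.3.16:compile
[INFO]    org.springframework:spring-beans:jar:5.3.18:compile
[INFO]    org.springframework:spring-context:jar:5.2.19.RELEASE:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.13.2:compile
"""

if __name__ == "__main__":
    for line in scan_dependency_list(SAMPLE_DEPENDENCY_LIST):
        print(line)
```

Run it against real output by piping `mvn dependency:list` into a file and passing that text to `scan_dependency_list`. The "review manually" branch is deliberate: a scanner that only knows one fixed version should never report an unrecognised line as clean.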
