all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SpringShell (Spring4Shell) : New Unpatched RCE Vulnerability in Spring Core Framework

Add to bookmarks
April 1, 2022, 2:34 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

UPDATE March 31st, 2022: The Appendix section has been updated with a link to Outbreak Alert.FortiGuard Labs is aware that an alleged Proof-of-Concept (POC) code for a new Remote Code Execution (RCE) vulnerability in Spring Core, part of the popular web open-source framework for Java called "Spring," was made available to the public (the POC was later removed). Dubbed SpringShell (Spring4Shell), CVE-2022-22965 has been assigned to the vulnerability and an emergency fix was released on March 31st, 2022. For further …

framework rce spring spring4shell spring core springshell unpatched vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Akira Ransomware Attack 1 day, 1 hour ago | fortiguard.fortinet.com
access advisory akira akira ransomware +16
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 1 week, 1 day ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 2 weeks, 6 days ago | fortiguard.fortinet.com
attack code compression cve +25
Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256) 3 weeks, 6 days ago | fortiguard.fortinet.com
access attacker code code execution +25
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) 4 weeks ago | fortiguard.fortinet.com
access application application developers attackers +31
Kimsuky Malware Attack 4 weeks ago | fortiguard.fortinet.com
attack cyber entities espionage +15
JetBrains TeamCity Authentication Bypass Vulnerabilities (CVE-2024-27198, CVE-2024-27199) 1 month, 1 week ago | fortiguard.fortinet.com
attacker authentication authentication bypass bypass +15
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 1 month, 4 weeks ago | fortiguard.fortinet.com
access advisory application attackers +28
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410) 2 months, 1 week ago | fortiguard.fortinet.com
attacks can critical cve +27

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Advisory Red Consultant

@ Security Risk Advisors | Philadelphia, Pennsylvania, United States
View on infosec-jobs.com

Cyber Business Transformation Change Analyst

@ National Grid | Warwick, GB, CV34 6DA
View on infosec-jobs.com

Cyber Security Analyst

@ Ford Motor Company | Mexico City, MEX, Mexico
View on infosec-jobs.com

Associate Administrator, Cyber Security Governance (Fort Myers)

@ Millennium Physician Group | Fort Myers, FL, United States
View on infosec-jobs.com

Embedded GSOC Lead Operator, Events

@ Sibylline Ltd | Seattle, WA, United States
View on infosec-jobs.com
View more jobs