by Scott Muniz | Apr 1, 2022 | Security, Technology
This article is contributed. See the original author and article here.
The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2022-22965), known as “Spring4Shell,” affecting Spring Framework, a Java framework that creates applications, including web applications. A remote attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review the CERT/CC Vulnerability Note VU #970766 for more information and to apply the recommended mitigations.
by Scott Muniz | Apr 1, 2022 | Security, Technology
This article is contributed. See the original author and article here.
Spring by VMWare has released Spring Cloud Function versions 3.1.7 and 3.2.3 to address remote code execution (RCE) vulnerability CVE-2022-22963 as well as Spring Framework versions 5.3.18 and 5.2.20 to address RCE vulnerability CVE-2022-22965, known as “Spring4Shell.” A remote attacker could exploit these vulnerabilities to take control of an affected system.
According to VMware, the Spring4Shell vulnerability bypasses the patch for CVE-2010-1622, causing CVE-2010-1622 to become exploitable again. The bypass of the patch can occur because Java Development Kit (JDK) versions 9 and later provide two sandbox restriction methods, providing a path to exploit CVE-2010-1622 (JDK versions before 9 only provide one sandbox restriction method).
CISA encourages users and administrators to immediately apply the necessary updates in the Spring Blog posts that provide the Spring Cloud Function updates addressing CVE-2022-22963 and the Spring Framework updates addressing CVE-2022-22965. CISA also recommends reviewing VMWare Tanzu Vulnerability Report CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ and CERT Coordination Center (CERT/CC) Vulnerability Note VU #970766 for more information.
by Scott Muniz | Mar 31, 2022 | Security
This article was originally posted by the FTC. See the original article here.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Mar 31, 2022 | Security, Technology
This article is contributed. See the original author and article here.
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A
lock (
) or
https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
by Scott Muniz | Mar 31, 2022 | Security, Technology
This article is contributed. See the original author and article here.
The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses.
CISA encourages local government officials and public service providers to review FBI PIN: Ransomware Attacks Straining Local U.S. Governments and Public Services and apply the recommended mitigations.
Recent Comments