In this blog, we discuss the recent Spring4Shell security issue - and Ascertia's response to it.
Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise applications on any kind of deployment platform.
Ascertia has become aware of a security issue within the Spring Framework which could be exploited by an attacker. No currently released Ascertia products make use of the Spring Framework for any data binding operations.
Further details are available at: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
ADSS Server does include Spring libraries within its file structure; these are used internally by the application.
To ensure that our applications were safe from this exploit, Ascertia has performed the relevant tests on all currently supported versions of ADSS Server, using third-party vulnerability assessment tools. The results from these tests indicated that none of our products were vulnerable to this CVE.
Ascertia will continue to monitor this CVE and any related CVEs hereafter, and will ensure that all remediation is carried out to safeguard Ascertia products and customers.
If you have any security-related questions, please contact Ascertia support or your account team.