Context over chaos. Disconnected technologies, siloed data, and reactive processes can only get you so far. Protecting businesses in today’s threat landscape demands more than a set of security tools – it requires context.
That's where Avertium comes in
Security. It’s in our DNA. It’s elemental, foundational. Something that an always-on, everything’s-IoT-connected world depends on.
Helping mid-to-enterprise organizations protect assets and manage risk is our only business. Our mission is to make our customers’ world a safer place so that they may thrive in an always-on, connected world.
Best-in-class technology from our partners... backed by service excellence from Avertium.
Interested in becoming a partner?
With Avertium's deal registration, partners can efficiently and confidently connect with Avertium on opportunities to protect your deals.
Microsoft Copilot for Security analyzes and synthesizes high volumes of security data which can help healthcare cybersecurity teams do more with less.
Dive into our resource hub and explore top
cybersecurity topics along with what we do
and what we can do for you.
A zero-day remote code execution (RCE) vulnerability (CVE-2022-22965) was found in VMware’s Spring Framework. The vulnerability was reported on Tuesday, March 29, 2022, and was confirmed by Spring today. According to Spring, the vulnerability severity is critical and affects Spring MVC and Spring WebFlux applications running on JDK 9+.
CVE-2022-22965 requires that the application run on Tomcat as a WAR deployment. The application can’t be exploited if it’s deployed as a Spring Boot executable jar, i.e., the default. However, according to Spring, the nature of the vulnerability is more general and there could be other ways for exploitation, which have not been reported yet. How do you know if you’re impacted? See the requirements below:
To address the issue, Spring released an emergency update for Spring Framework versions 5.3.18 and 5.2.20. Spring is a java-based software framework used by many enterprises. The vulnerability affects the following Spring Framework versions:
On March 30, the InfoSec community was confused about the vulnerability due to two reasons. The first reason is because CVE-2022-22965 is not the only Spring boot vulnerability that was discovered. CVE-2022-22963, which is also a zero-day RCE vulnerability, affects VMware’s Spring Cloud Function component. According to VMware, when using the routing functionality, it’s possible for an attacker to provide a specially crafted Spring Expression Language (SpEL) as a routing-expression, which could result in access to local resources. The vulnerability was likened to Log4Shell, but it isn’t nearly as dangerous. Spring has since released a patch for Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions.
The second reason there was confusion is because the proof of concept (PoC) for CVE-2022-22965 and the vulnerability itself is not exploitable with out-of-the-box installations of Spring. An attacker would need to use specific functionality to exploit it.
Because the CVE-2022-22965 is presently evolving, Avertium will continue to investigate and confirm information about the exploit as we receive it. If your organization could be affected by CVE-2022-22965, Spring recommends that you update to the latest versions as soon as possible. As the exploit evolves, follow their blog for updated information.
CVE-2022-22965
CVE-2022-22963
CVE-2022-22965
CVE-2022-22963
At this time, there are no known IoCs for CVE-2022-22963. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, reach out to your Avertium Service Delivery Manager or Account Executive.
Spring Framework RCE, Early Announcement
CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ | Security | VMware Tanzu
Spring4Shell: Zero-Day Vulnerability in Spring Framework | Rapid7 Blog
Related Reading:
How to Detect Ransomware: Best Practices for Avoiding Malware Attacks
Contact us for more information about Avertium’s managed security service capabilities.