spring logo
Press Release

Retail & Hospitality ISAC Threat Researchers Confirm Validity of Spring Framework RCE Vulnerability

Posted on March 30, 2022

By RH-ISAC Staff

Vienna, VA (March 30, 2022) – Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) threat researchers investigated a proof-of-concept (POC) for the RCE vulnerability in the Spring framework that was reported on March 29, 2022. The RH-ISAC researchers were able to obtain a copy of the code repository that contained the POC and test…

Read More
spring logo
Threat Intelligence

Alleged RCE Vulnerability Discovered in Spring Framework

Posted on March 30, 2022

By Lee Clark, RH-ISAC Cyber Threat Intel Analyst & Writer, and J.J. Josing, RH-ISAC Principal Threat Researcher

Updates: April 5, 2022, 12 p.m. ET The “Spring4Shell” RCE (CVE-2022-22965) has been added to CISA’s list of known exploited vulnerabilities. Due to the conditions required to exploit the vulnerability, security researchers are beginning to form a consensus that, while serious, Spring4Shell is not as critical or dangerous as the Log4Shell vulnerability. The conditions for…

Read More