Statement ValidSign
Vulnerability in the Java Spring Framework:
what is it, what are the risks, and what does ValidSign do?
A vulnerability in the Spring development framework for JAVA, known in the media as the "Java Spring Framework" currently poses a major security risk for organizations. This framework is used in the development of JAVA applications. The National Cyber Security Center advises installing an update as soon as possible.
What is the Java Spring Framework?
The JAVA Spring Framework is an application framework for application development on the JAVA platform. There are many organizations, applications and cloud services that use this JAVA framework in development. The vulnerability came to light on Thursday, March 31, and has been named Spring4Shell or CVE-2202-22965.
What is the risk?
Companies that use the JAVA Spring Framework may be vulnerable to abuse, provided certain conditions are met, for example in the form of a ransomware attack. This usually doesn't happen right away, but can happen over several weeks or months.
What does ValidSign do?
ValidSign immediately started an analysis of the problem on Thursday, March 31, and checked the various applications for this vulnerability. It was discovered that in none of the cases, ValidSign is vulnerable as not all conditions are met. ValidSign also follows the advice of the National Cyber Security Center (NCSC) to implement software updates as quickly as possible in the JAVA Spring Framework, which is used within a number of ValidSign applications.
ValidSign currently has no indication of abuse.
If you have any further questions? Then you can contact the ValidSign Support department by email at support@validsign.eu or by phone at +31 (0)85 303 3676