CVE-2022-22963 and Spring4Shell Vulnerability CVE-2022-22965

Latest Update: April 14, 2022

The security of Infutor’s data and systems is always our highest priority. Infutor is aware of:

  • CVE-2022-22963, remote code execution in Spring Cloud Function by malicious Spring Expression
  • Spring4Shell (CVE-2022-22965), remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later

Impact: As of April 4, we have confirmed that these vulnerabilities do not affect Infutor’s products and services. The Infutor platform does not utilize any Spring Framework as part of our production environment or for any client access. The Infutor Security and Incident Response teams have implemented additional threat detection measures and are actively monitoring this issue should further response be required.

As more information becomes available, we will update this web page.

Trust is a primary concern at Infutor, and we take the protection of consumers, data, and our clients very seriously. Questions or Concerns?

Contact Us