Tracked as CVE-2022-22965, the vulnerability dubbed Spring4Shell impacts the Spring Framework, the most popular Java application development framework in the world, and could lead to the execution of code remotely. Security researchers have already observed attempts to exploit the flaw in the wild. SAP published three Spring4Shell-related security notes, all rated “Hot News,” the highest rating in the company’s books, two of which address CVE-2022-22965 in HANA Extended Application Service and Customer Checkout. The third note, however, is a central note for Spring4Shell, which suggests that SAP expects the impact from this vulnerability to be wider.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased