Spring4Shell Security Advisory
Updated: April, 27th 2022
Zywave does utilize the Spring Framework within its infrastructure in a very limited manner. Zywave has successfully mitigated the Spring Framework CVE-2022-22963, and CVE-2022-22965 vulnerabilities, commonly known as “Spring4Shell”, in all client facing products.
Zywave is continuing to research, mitigate and validate internal, non-public facing or 3rd party applications for the potential Spring4Shell vulnerabilities.
At this time, Zywave has no indication of a compromise exploiting the Spring4Shell vulnerabilities. This posting will be updated as needed based on research and mitigation, or if more information is uncovered about the vulnerability.