AutoRABIT is aware of a critical, zero-day vulnerability in the Spring framework known as “Spring4Shell” (CVE-2022-22965), which was disclosed on March 31st, 2022. This vulnerability can lead to remote code execution. As a result, AutoRABIT has taken steps to analyze its impact on our product and to mitigate it.
As part of our overall defense-in-depth strategy, AutoRABIT took the following actions:
- We conducted extensive analysis and testing of all AutoRABIT products and found that only ARM is potentially vulnerable to this exploit.
- We configured the IDS/IPS, Web Application Firewall, and endpoint protection with rules to specifically detect and block any attempts to exploit the issue.
- We upgraded ARM to use a non-vulnerable version of the Spring Framework; the upgraded build is currently undergoing extensive quality and security testing.
We expect to begin rolling out the updates in consultation with our customers as per our normal upgrade practices once all testing and verification is completed over the next several days. For dedicated or self-hosted customers, your customer success managers will be in contact to coordinate update timings.