Discover what’s new in Lansweeper – Explore our 2024 Summer Launch! 🚀 Learn more


Spring4Shell & Lansweeper

2 min. read
By Esben Dochy

Recently a new vulnerability in the Java Spring framework dubbed Spring4Shell. CVE-2022-22965 has a potentially large impact as many applications use the Spring framework. Neither Lansweeper, nor its 3rd party components are vulnerable or affected.

Similar to Log4j, the Spring4Shell vulnerability concerns a Java library that can potentially be used in many applications. According to ContrasSecurity, the Spring Core Framework is used in 74% of Java applications.

Similar to Log4j the Dutch National Cyber Security Center, created a public GitHub with their collected information including the requirements for the specific vulnerable scenario, tools/scripts to scan for the specific Java Framework, and more.

A vulnerable scenario as published by Spring:

  • Running on JDK 9 or higher
  • Apache Tomcat as the Servlet container
  • Packaged as a traditional WAR and deployed in a standalone Tomcat instance. Typical Spring Boot deployments using an embedded Servlet container or reactive web server are not impacted.
  • spring-webmvc or spring-webflux dependency.
  • Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions.

Our security team has evaluated Lansweeper and all of the third-party components to verify the CVE-2022-22965. After the evaluation, we’re happy to confirm that neither Lansweeper nor its 3rd party components are vulnerable or affected by the Spring4Shell vulnerability.


Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.