This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Spring4Shell & Lansweeper

ErikT
Lansweeper Tech Support
Lansweeper Tech Support
‎04-05-2022 10:27 AM
Recently a new vulnerability in the Java Spring framework dubbed Spring4Shell. CVE-2022-22965 has a potentially large impact as many applications use the Spring framework.

Neither Lansweeper, nor its 3rd party components are vulnerable or affected.

Read more in our Spring4Shell blogpost
0 Kudos
4 Comments
Guest
Lansweeper Employee
Lansweeper Employee
‎04-06-2022 09:27 PM
‎04-06-2022 09:27 PM
Regardless of the above we are being told to upgrade SPRING but do not have any instructions.
Our license is up for renewal and IT Security team have made this a condition before they will approve renewal.

Please advise how this can be done
0 Kudos
ukaussiSMS
Engaged Sweeper
‎04-06-2022 09:40 PM
‎04-06-2022 09:40 PM
Guest wrote:
Regardless of the above we are being told to upgrade SPRING but do not have any instructions.
Our license is up for renewal and IT Security team have made this a condition before they will approve renewal.

Please advise how this can be done


This questions was from myself BTW, was not logged in
It is URGENT and we are having to shutdown server today until resolved

0 Kudos
FrankSc
Lansweeper Tech Support
Lansweeper Tech Support
‎04-07-2022 03:51 PM
‎04-07-2022 03:51 PM
Hi,
With the blogpost, we confirmed that Lansweeper on its own, or its 3rd part components, are not affected by this vulnerability.
Upgrading affected applications, depends on the applications that you are running, which are possibly affected by this. The library can be used in different applications.

To mitigate the issue, we found the following link:
https://www.contrastsecurity.com/security-influencers/new-spring4shell-vulnerability-confirmed-what-it-is-and-how-to-be-prepared
0 Kudos
ukaussiSMS
Engaged Sweeper
‎04-07-2022 04:31 PM
‎04-07-2022 04:31 PM
FrankSc wrote:
Hi,
With the blogpost, we confirmed that Lansweeper on its own, or its 3rd part components, are not affected by this vulnerability.
Upgrading affected applications, depends on the applications that you are running, which are possibly affected by this. The library can be used in different applications.

To mitigate the issue, we found the following link:
https://www.contrastsecurity.com/security-influencers/new-spring4shell-vulnerability-confirmed-what-it-is-and-how-to-be-prepared


As this is a simple W10 Enterprise desktop PC whose sole task is running Lansweeper for 4000 assets I will have to wait for what our Security team says as know nothing of Java, Spring or programming.
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Popular Articles