Spring4shell - spring framework RCE
(Doc ID 2865856.1)
Last updated on MAY 05, 2022
Applies to:Oracle Financial Services Crime and Compliance Management Studio - Version 8.0.8 and later
Information in this document applies to any platform.
Spring4Shell: An confirmed RCE in Spring Core <=5.3.17. This is currently investigated by security researchers. While this is a severe vulnerability, it only impacts non-default usage of SpringCore with a configuration which is not proven to be widespread. This makes it different from Log4Shell/Log4j. Another difference with Log4Shell/Log4j is that with Spring4Shell, an attacker needs to be able to send a direct HTTP request to a target machine, whereas with Log4Shell/Log4j an attacker could also hit machines indirectly (when logs were sent to those machines).
Will this impact studio?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document