
Spring4Shell - Spring Framework RCE (Doc ID 2865856.1)

Last updated on MAY 05, 2022

Applies to:

Oracle Financial Services Crime and Compliance Management Studio - Version 8.0.8 and later
Information in this document applies to any platform.

Goal

Spring4Shell: A confirmed RCE in Spring Core <=5.3.17. It is currently being investigated by security researchers. While this is a severe vulnerability, it only impacts non-default usage of Spring Core, with a configuration that is not proven to be widespread. This makes it different from Log4Shell/Log4j. Another difference is that with Spring4Shell an attacker needs to be able to send a direct HTTP request to a target machine, whereas with Log4Shell/Log4j an attacker could also hit machines indirectly (when logs were sent to those machines).

Will this impact Studio?

Solution

To view full details, sign in with your My Oracle Support account.


