Allocadia notice on Java Spring vulnerabilities (Cloud / Spring4Shell) - March 31 2022

On March 30, 2022, researchers found a new HIGH-severity vulnerability in the famous Spring Cloud Function, leading to remote code execution (RCE). The vulnerability, CVE-2022-22963, would permit attackers to execute arbitrary code on the machine and compromise the entire host.

On March 31, 2022, a new vulnerability called Spring4Shell, referenced as CVE-2022-22965, was reported, this time in the very popular Java framework Spring Core on JDK9+. The vulnerability is again a remote code execution (RCE), which would permit attackers to execute arbitrary code on the machine and compromise the entire host.

Allocadia is not impacted by these two vulnerabilities. The security team continues to actively monitor its material suppliers and is taking prompt remedial action where it finds its material suppliers out of compliance with their security commitments.

Allocadia is monitoring all developments to ensure the safety of Customer Data across all related systems and data flows. Please forward any inquiries related to this situation or any other software vulnerabilities to assurance@allocadia.com.

 
