Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

Urmo Luts
Urmo Luts March 31, 2022

Hi

Seems to be that new threat is out and would it peril Atlassian products server/dc also?

https://www.bleepingcomputer.com/news/security/new-spring-java-framework-zero-day-allows-remote-code-execution/

Answer
Watch
Like # people like this
1719 views

2 answers

1 accepted

Suggest an answer

Log in or Sign up to answer
0 votes
Answer accepted
Jodie Vlassis
Jodie Vlassis
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 3, 2022

Update:

Please see the latest FAQs posted over the weekend: https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2022-22965

As always, you can monitor security vulnerabilities at the following link https://www.atlassian.com/trust/security/advisories

You can also report a vulnerability using this article https://www.atlassian.com/trust/security/report-a-vulnerability so Atlassian will provide an offical answer for that question.

We will continue to monitor the situation and provide a response soon.

 

Jodie

Reply
0 votes
Jodie Vlassis
Jodie Vlassis
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 31, 2022

Please refer to our FAQ page, we should have a formal announcement soon:

https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html

Reply
groups-icon
Trust & Security
TAGS
AUG Leaders

Atlassian Community Events

    See all events