Spring4Shell
Zero-day lek "Spring4Shell" actief in Java Spring Framework
Op donderdag 31 maart 2022 is een lek bekend geworden in Java Spring Framework. Op basis hiervan hebben we meteen onderzoek verricht op onze omgevingen en contact gezocht met leveranciers. Op dit moment zijn er geen applicaties geconstateerd die vatbaar zijn voor dit lek. Wij gaan verder met dit onderzoek en onderhouden actief contact met onze leveranciers. Tevens monitoren we onze netwerken nauwlettend om mogelijk misbruik te voorkomen.
In de tabel hieronder treft u een overzicht aan van de huidige stand van zaken.
Zero-day vulnerability "Spring4Shell" active in Java Spring Framework
Thursday March 31, 2022 - A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework. Based on this, we immediately conducted research into our environments and contacted suppliers. At this time, no applications have been identified as vulnerable to this vulnerability. We will continue with this investigation and maintain active contact with our suppliers. We also monitor our networks closely to prevent possible misuse.
In the table below you'll find an overview of the current state of affairs.
|
On-Premises |
SaaS |
Status |
Basware SaaS |
|
X |
Not affected |
Basware SaaS Analytics |
|
X |
Not affected |
Basware Network
|
|
X |
Not affected |
Basware Alusta (ICreative best-effort support ends per 01-01-2022; out-of-support by Basware) |
X |
|
Not affected |
Basware Analytics (ICreative best-effort support ends per 01-01-2022; out-of-support by Basware) |
X |
|
Not affected |
Basware IP, PM, CLM (out-of-support by Basware) |
X |
|
Not affected |
ICreative Recognition Service (IRS) |
|
X |
Not affected |
ICreative Reporting Service |
|
X |
Not affected |
ICreative Validation Service (IVS) |
|
X |
Not affected |
ICreative Invoice Status Portal (IISP) |
|
X |
Not affected |
ICreative Procuration Manager (IPM) |
|
X |
Not affected |
ICreative Integration Platform (IIP) |
|
X |
Not affected |
ICreative Expense Service (IES) |
|
X |
Not affected |
Kofax VRS, Capture, KTM, KTA |
X |
|
Not affected |
ED Ontvangt |
X |
|
Not affected |
IScript / IScript Server |
X |
|
Not affected |
Zenix Expense |
X |
|
Not affected |
Gemini |
|
X |
Not affected |
Scansys |
X |
|
Not affected |
ICreative modules (such as ThinMonitor, Kofax Batch Importer, Auto-approval framework, etc.) |
X |
|
Not affected |
Last update: 11–April–2022 17:00