On March 31, 2022, a remote code execution vulnerability identified as CVE-2022-22965 was confirmed in the Spring Framework, the most popular Java framework used to build server-side apps. This new RCE is being discussed under the name “Spring4Shell.”
Our security team investigated the issue and, based on the information that is available, concluded that EyeQuestion is not vulnerable: although we use the library, the vulnerability seems to be exploitable only in certain configurations that EyeQuestion does not have.
For both our SaaS and our on-premises clients, there is no immediate action required at this moment.
Nevertheless, we will update to the latest Spring libraries as suggested and provide them in the next release.
If you have any questions, please feel free to contact our support desk at [email protected]
We will keep you posted on any new information.