VMware announced a vulnerability (CVE-2022-22963) in their Spring Framework on March 29, 2022. The vulnerability is in Spring Cloud Function and allows remote code execution.
A further vulnerability (CVE-2022-22965) was also identified on March 31, 2022. This remote code execution vulnerability affects Spring Framework and Spring Boot data binding when running on Java 9 or above.
We are pleased to state that no iET® Solutions products are affected by this vulnerability.
Apache published a critical vulnerability in the Apache Log4j Java library on December 6, 2021. This vulnerability allows an attacker who can control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
A number of iET® Solutions products are affected:
On December 17, 2021, Apache published a new Log4j vulnerability (CVE-2021-45105). This vulnerability affects the same identified products.
Resolutions are available for all versions. An iET® Solutions technical support representative will be in touch shortly to provide detailed instructions if you are affected. Alternatively, please email us at support@iet-solutions.com.
US-based support is available on business days from 8:30 am to 5:30 pm ET.
Outside of the US, support is available on business days from 9:00 am to 5:00 pm CET.