Welcome to intarsys

Security Alert on Spring Remote Code Execution (RCE) Vulnerability

Are intarsys products affected by CVE-2022-22965 "Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell)"?

  • https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
  • https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/

intarsys products are not affected because

  1. only the intarsys product Sign Live! cloud suite gears spring used
  2. Sign Live! cloud suite gears is operated with Java 8
  3. Sign Live! cloud suite gears does not use spring-webmvc or spring webflux.

Qualified electronic signature: ECJ ruling of February 29.02.2024, 25 A current ECJ ruling specifies the interpretation of Article XNUMX of the Regulation (EU)...