Vulnerability in the open-source Spring Framework for Java

Posted April 1, 2022 16:00 (CEST)

VMware have published a critical security advisory on their Spring Framework, a common open-source Java framework. This vulnerability is tracked as CVE-2022-22965 and also identified in some reports as Spring4Shell.

Impact on our product portfolio is being investigated, and we will take action with due priority to resolve any issue that is identified. In our enterprise environment, our IT team is working to assess and remediate any potentially affected environments. Our priority is always to ensure that our customers are protected.

Confirmed impact to our offerings will be communicated through standard channels, and in accordance with the vulnerability's criticality.

Ericsson has a long history of systematically incorporating security and privacy considerations across relevant aspects of our operations including all phases of our product value flow. Our efforts in this area follow a well-established internal control framework known as the Security Reliability Model (SRM) and the ISO 27001 Framework. The SRM enables a managed, risk-based approach to security and privacy implementation where requirements are tailored to the target environment and demands. 

All security related concerns for existing customers are handled through the regular Customer Support channels. 

For additional information see Ericsson PSIRT
