SpringShell: Spring Core RCE 0-day Vulnerability
search cancel

SpringShell: Spring Core RCE 0-day Vulnerability


Article ID: 238332


Updated On:


FAVER VSAM Data Protection for z/OS


Researchers have found a remote code execution 0-day vulnerability (dubbed Spring4Shell and SpringShell) in the Spring Core Java framework that allows unauthenticated remote code execution.


Release : 4.5

Component : Faver VSAM Data Protection


This RCE 0-day vulnerability exists in the Spring Core with the JDK version greater than or equal to 9.0. It allows an unauthenticated attacker to execute arbitrary code on the target system. The Spring Framework is a popular Java platform that provides comprehensive infrastructure support for developing Java applications.


Faver has no interface to JAVA or with any of the BOX framework product provided.

There is no vulnerability with the Spring Core Framework with JDK version 9 and above.