Corporate Infrastructure and Services: Broadcom’s Global Technology Organization is conducting software asset reviews to identify any potentially affected applications. Any necessary mitigations, including upgrades to patched versions of the Spring Framework, will be implemented in accordance with vendor recommendations. At this time, we have no indication of compromise related to this vulnerability.
Broadcom Products: Engineers from our product teams are assessing all software that incorporates any version of the vulnerable Spring Framework. More specific information (e.g., information about necessary patches/hotfixes, workarounds, or other required customer actions) is available within the following security advisories from our product divisions, which are regularly updated:
For additional expert insights into the threats posed by the Spring4Shell vulnerability -- including information about how our Symantec security products can mitigate exposure to these threats -- please visit the Symantec Threat Intelligence blog.
As a founding member of the U.S. Department of Homeland Security's Joint Cyber Defense Collaborative, Broadcom Software partners with the Cybersecurity and Infrastructure Security Agency (CISA) and other industry leaders to share actionable intelligence and insights into exploitation activities relating to this and other critical security vulnerabilities.
Reference - Broadcom Response to Spring4Shell Vulnerability