Apache Spring4Shell Vulnerability

This page provides you with information concerning current developments regarding the Spring4Shell security loophole relative to our products

A critical loophole (Sprint4Shell) was discovered in the “Spring Core” Java library (refer to https://www.cve.org/CVERecord?id=CVE-2022-22965).

General information about the security loophole can be found at https://www.cyberkendra.com/2022/03/spring4shell-spring-confirmed-rce-in.html.

Spring Framework (Spring for short) is an open-source framework for the Java platform which is often used for web applications. The goal of Spring Framework is to simplify development with Java/Java EE and to promote good programming practices. With its broad range of functionality, Spring offers a holistic solution for the development of applications and their business logic with a focus on the decoupling of application components. (https://en.wikipedia.org/wiki/Spring_Framework)

Our following products are NOT affected by the critical loophole in the Spring4Shell Java library (CVE-2022-22965):

• IZYTRONIQ Business Starter, Advanced, Professional and Premium
• IZYTRONIQ Enterprise Premium
• IZYTRONIQ Collection Cloud and IZYTRONIQ Commercial Trades Package including the ELEXONIQ Inventory app and VISIONIQ
• IZYCHECK.IQ Self – Self-Service Portal at GMC-I Service GmbH
• NEXONIQ

• ETC - Electronic Testing Center
• PCDOC IQ including PCDOC Word/Excel and PCDOC Access
• METRAwin 10
• METRAwin 90
• Dran-View
• PQ-View
• EnergyMID-Tool
• EMC 5.x.

• METRACABLE Manager