News

News and Press Releases

Update for verinice REST service closes vulnerability

Last week, a vulnerability - now known as Spring4Shell - was discovered in the Spring framework. It is registered as CVE-2022-22965, technical details can be found in this article, among others: https://snyk.io/blog/spring4shell-zero-day-rce-spring-framework-explained/

verinice.PRO is only affected under certain conditions: Only if the verinice-REST-Service is installed on the server. In a standard installation of verinice.PRO, the verinice REST service is generally not included. The verinice single-user version is not affected by this vulnerability at all.

Since the verinice REST service can be affected by the vulnerability under certain circumstances, the verinice team has created a new version of this application. This closes the vulnerability and is available via the verinice GitHub repository: https://github.com/SerNet/verinice-rest-service/releases/tag/0.5. We recommend updating to this new version 0.5 if you have the verinice REST service installed.

Please contact our support if you have further questions or need help.

Search News

Press contact:

Claudia Krell
presse@remove-this.sernet.de

Archive:

Update for verinice REST service closes vulnerability

Last week, a vulnerability - now known as Spring4Shell - was discovered in the Spring framework. It is registered as CVE-2022-22965, technical details can be found in this article, among others: https://snyk.io/blog/spring4shell-zero-day-rce-spring-framework-explained/

verinice.PRO is only affected under certain conditions: Only if the verinice-REST-Service is installed on the server. In a standard installation of verinice.PRO, the verinice REST service is generally not included. The verinice single-user version is not affected by this vulnerability at all.

Since the verinice REST service can be affected by the vulnerability under certain circumstances, the verinice team has created a new version of this application. This closes the vulnerability and is available via the verinice GitHub repository: https://github.com/SerNet/verinice-rest-service/releases/tag/0.5. We recommend updating to this new version 0.5 if you have the verinice REST service installed.

Please contact our support if you have further questions or need help.

Search News

Press contact:

Claudia Krell
presse@remove-this.sernet.de

Archive:

Deutsch English Lingua italiana Český jazyk
© SerNet GmbH, 2022