Spring4Shell Security Issue
Updated May 25, 2022
The TS Imagine team is aware of the security issues being referred to as “Spring4Shell,” including CVE-2022-22963 and CVE 2022-22965.
We have reviewed our exposure to the Spring4Shell vulnerability as described in CVE-2022-22963 and CVE 2022-22965 and can confirm no evidence of Spring4Shell compromise against our systems or services.
We have implemented mitigating controls against systems where Spring is present and are currently progressing a full patching plan. Further, we are also monitoring third-party services presently in use.
At this time, our analysis shows the following:
| Product/Service | Status |
| Imagine Trading System – Infrastructure | Not vulnerable. |
| MyImagine | Not vulnerable. |
| Risk Aggregator | Not vulnerable. |
| Margin | Fully patched. |
| RRC | Fully patched. |
| Risk Batch Web Services – Client | Not vulnerable. |
| Risk Batch Web Services – Infrastructure | Not vulnerable. |
| Risk Infrastructure Services | Not vulnerable. |
| Support Portal | Not vulnerable. |
| TSNext | Not vulnerable. |
| TradeSmart Client Portal | Not vulnerable. |
| TradeSmart | Not vulnerable. |
Additionally:
- TS Imagine is deploying additional protections to block external attacks.
- TS Imagine is implementing all recommended third-party patches and/or mitigating controls.
