Spring4Shell Security Issue
Updated May 25, 2022
The TS Imagine team is aware of the security issues being referred to as “Spring4Shell,” including CVE-2022-22963 and CVE-2022-22965.
We have reviewed our exposure to the Spring4Shell vulnerability as described in CVE-2022-22963 and CVE-2022-22965 and can confirm no evidence of Spring4Shell compromise against our systems or services.
We have implemented mitigating controls on systems where Spring is present and are currently progressing a full patching plan. We are also monitoring third-party services presently in use.
At this time, our analysis shows the following:
| Product/Service | Status |
| --- | --- |
| Imagine Trading System – Infrastructure | Not vulnerable. |
| MyImagine | Not vulnerable. |
| Risk Aggregator | Not vulnerable. |
| Margin | Fully patched. |
| RRC | Fully patched. |
| Risk Batch Web Services – Client | Not vulnerable. |
| Risk Batch Web Services – Infrastructure | Not vulnerable. |
| Risk Infrastructure Services | Not vulnerable. |
| Support Portal | Not vulnerable. |
| TSNext | Not vulnerable. |
| TradeSmart Client Portal | Not vulnerable. |
| TradeSmart | Not vulnerable. |
Additionally:
- TS Imagine is deploying additional protections to block external attacks.
- TS Imagine is implementing all recommended third-party patches and/or mitigating controls.