Spring4Shell Security Issue

Updated May 25, 2022

The TS Imagine team is aware of the security issues being referred to as “Spring4Shell,” including CVE-2022-22963 and CVE-2022-22965.

We have reviewed our exposure to the Spring4Shell vulnerability as described in CVE-2022-22963 and CVE-2022-22965 and can confirm no evidence of Spring4Shell compromise against our systems or services.

We have implemented mitigating controls against systems where Spring is present and are currently progressing a full patching plan. Further, we are also monitoring third-party services presently in use.

At this time, our analysis shows the following: 

Product/Service                             Status
Imagine Trading System – Infrastructure     Not vulnerable.
MyImagine                                   Not vulnerable.
Risk Aggregator                             Not vulnerable.
Margin                                      Fully patched.
RRC                                         Fully patched.
Risk Batch Web Services – Client            Not vulnerable.
Risk Batch Web Services – Infrastructure    Not vulnerable.
Risk Infrastructure Services                Not vulnerable.
Support Portal                              Not vulnerable.
TSNext                                      Not vulnerable.
TradeSmart Client Portal                    Not vulnerable.
TradeSmart                                  Not vulnerable.

Additionally:
  • TS Imagine is deploying additional protections to block external attacks.
  • TS Imagine is implementing all recommended third-party patches and/or mitigating controls.