Spring4Shell Vulnerability Notification

Spring4Shell Vulnerability Notification

Published: April 7, 2022

Version: 1.0

Executive Summary

AvePoint is releasing this security advisory to inform customers that we are aware of the Spring4Shell CVE-2022-22965 vulnerability.

Advisory Details

AvePoint products do not use Java and are not affected by the incident. We are evaluating the risk to our infrastructure and supply chain for any possible indirect exposure to this vulnerability and have found no indication of impact.

Suggested Actions

Security Actions - No additional action is required.

Mitigation Steps - Not needed at this moment.

AvePoint implements best-in-class techniques for identifying, protecting, and detecting cybersecurity threats.

The information security and data privacy of our customers is AvePoint’s highest priority. If you have any questions about this and/or you are contacted by anyone else about this issue, please contact our security team immediately at security@avepoint.com.

For your additional information please find AvePoint’s reporting policy and response plan: https://www.avepoint.com/company/vulnerability-reporting-policy/