Security

 View Only
last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Spring Framework

This thread has been viewed 42 times
  • 1.  Spring Framework

    Posted Apr 01, 2022 06:06 AM
    Hi All,

    As an Aruba partner, we are being asked a lot about the Spring Framework zero day vulnerability.

    Is anyone aware if any of the Aruba products are effected by this? I cant see why any of them would be effected, but would just like confirmation.

    Thanks,

    ------------------------------
    Ben Casey
    ------------------------------


  • 2.  RE: Spring Framework

    EMPLOYEE
    Posted Apr 01, 2022 01:50 PM
    Please email sirt@arubanetworks.com

    https://www.arubanetworks.com/support-services/sirt/

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 3.  RE: Spring Framework

    Posted Apr 05, 2022 12:40 PM
    For anyone that's curious, this was the response from Aruba SIRT, I'll post any updates here.


    "
    We are aware of CVE-2022-22965 (SpringShell) and are currently in the process of investigating it. As of now, we have not found any evidence to suggest we are affected by the vulnerability for any of our products. Should that change, a security advisory will be posted here:


    ------------------------------
    Ben Casey
    ------------------------------



  • 4.  RE: Spring Framework

    Posted Apr 04, 2022 11:10 AM
    Hi Ben,

    Did you get an answer for this question from SIRT?

    Thank you,

    Jeremy

    ------------------------------
    Jeremy Lasher
    ------------------------------



  • 5.  RE: Spring Framework

    Posted Apr 05, 2022 03:57 AM
    Hi Jeremy,

    Sadly I wasn't able to chase this up yet.

    I have just sent them an email now and i will update this thread once I get a response for you.

    Thanks,
    Ben

    ------------------------------
    Ben Casey
    ------------------------------



  • 6.  RE: Spring Framework

    EMPLOYEE
    Posted May 03, 2022 11:49 AM
    In the meanwhile, there is a bulletin posted on https://www.arubanetworks.com/support-services/security-bulletins/ which shows No affected products.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------