Confirmed remote code execution (RCE) in Spring Core, an extremely popular Java framework (CVE-2022-22965)

Posted on March 30, 2022 in Software Frameworks, Libraries, and Components

Praetorian has confirmed that a remote code execution vulnerability exists in Spring, an extremely popular Java framework. How broadly this impacts the Spring ecosystem remains unclear. The flaw has been assigned a bug alert severity of 'critical'.


Unauthenticated user impersonation (auth bypass) in SAP

Posted on February 08, 2022 in Services & System Applications

A request smuggling issue in SAP NetWeaver, SAP Content Server, and SAP Web Dispatcher allows unauthenticated user impersonation. These systems are commonly Internet-facing. The flaw has been assigned a bug alert severity of 'critical', and the vendor has supplied patches.


RCE in Log4j

Posted on December 09, 2021 in Software Frameworks, Libraries, and Components

A remote code execution vulnerability has been found in the popular Java logging library Log4j. This issue is easily exploited in common configurations and has been assigned a bug alert severity of 'critical'.