Spring4Shell: A Java Spring Framework Remote Code Execution vulnerability

LivePerson, like the majority of the technology industry, has actively engaged in the review of and remediations for CVE-2022-22965, referred to as the Spring4Shell vulnerability.

Continuous monitoring of internet facing and active services is ongoing and to date, no openly vulnerable LivePerson service has been discovered as being available on our public interfaces.

Our Engineering and Security teams continue to monitor the progression of the Spring4Shell situation. This includes the monitoring for activity both externally and internally, using our centralized security systems to act upon any situation relating to this and any other security matter. 
It also includes monitoring any evolving secondary vulnerabilities to Spring4Shell.  
The LivePerson Leadership team is actively engaged in overseeing these activities.

We know that Spring4Shell is a significant vulnerability and are committed to working closely with our customers and partners to determine and address potential impacts as quickly as possible. Our customers' security and success are our top priority. We will update if and when the situation changes. 

Subscribe for updates