Here you will find our responses to discovered vulnerabilities and common security questions.
CVE-2022-22965 Spring Framework RCE via Data Binding on JDK 9+
April 11, 2022
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Apache Tomcat as a WAR servlet deployment.
While LinkStar currently utilizes an affected version of the Spring Framework, LinkStar deployments only exist as executable JARs. TS Partners does not distribute WAR deployments of LinkStar.
CVE-2021-34484: Sitel/Sykes breach affecting Okta
March 31, 2022
Sitel cited a legacy network from its 2021 acquisition, Sykes Enterprise, as the cause of the security incident that affected access management provider Okta.
Okta revealed that it notified Sitel of the breach on January 20, 2022, and that the full report on the incident was not available from Sitel until March. During the intervening period, the extortion group Lapsus$ released data from Okta that was obtained through the compromise of Sitel’s systems.
TS Partners brings this information to clients' attention because Okta is an enterprise access management provider at a number of organizations.
CISA Alert (AA22-011A) Understanding Russian State-Sponsored Cyber Threats to U.S. Infrastructure
February 21st, 2022
A Joint Cybersecurity Advisory (CSA) has been authored by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) to provide organizations with an overview of Russian state-sponsored cyber operations, tactics, and techniques.
TS Partners has evaluated its environment proactively to ensure potential threats are identified and mitigated.
As background: TS Partners is not an ASP/Service Bureau; TSP does not use cloud, contractors, sub-contractors or other third parties in the development and support of the application software licensed to clients.
The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability affecting Log4j versions. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services.
FireEye has given the incident an identifier of UNC2452 and the trojanized version of the SolarWinds Orion component is being called “Sunburst.” Microsoft has used the “Solorigate” identifier for the malware and added detection rules to its Defender antivirus. SolarWinds has issued a separate customer advisory for the incident.