OpenAthens and the Spring4Shell vulnerability
Incident
Report for OpenAthens
Resolved
After investigation we have found that we are not affected by the Spring4Shell vulnerability. No action is required by our customers regarding this matter.
If you have any questions or concerns, please reach out to the OpenAthens Service Desk at help@openathens.net or via the Service Desk portal.
If you have any questions or concerns, please reach out to the OpenAthens Service Desk at help@openathens.net or via the Service Desk portal.
Identified
Customers may have seen the news about a vulnerability related to Spring Framework (https://spring.io/projects/spring-framework) disclosed on 31 March 2022 (CVE-2022-22965). The OpenAthens team have been monitoring this issue since then and are taking steps to remediate where necessary.
We will continue to monitor the situation as it evolves, and we are positioned to deploy recommended countermeasures and patches if any are required.
No action is required by customers relating to OpenAthens products, and no service interruptions or security incidents have been detected.
If you are a user of Shibboleth please read the following documentation regarding this vulnerability at https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631889/SecurityAdvisories
If you have any questions arising from this, please contact the OpenAthens Service Desk at help@openathens.net.
We will continue to monitor the situation as it evolves, and we are positioned to deploy recommended countermeasures and patches if any are required.
No action is required by customers relating to OpenAthens products, and no service interruptions or security incidents have been detected.
If you are a user of Shibboleth please read the following documentation regarding this vulnerability at https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631889/SecurityAdvisories
If you have any questions arising from this, please contact the OpenAthens Service Desk at help@openathens.net.
This incident affected: Authentication Point.