Exploiting framework vulnerabilities
The zero-day vulnerability “Log4Shell” has been a serious concern in many organizations and forced many Chief Information Security Officers and IT leaders to revise their open source strategy. The vulnerability has existed since 2013 and still demands the attention of IT departments, as it keeps making the news in new manifestations. Thanks to the increased vigilance, the negative consequences of the subsequent vulnerability in the Java framework “Spring” (Spring4Shell) were less far-reaching. Fortunately, companies rethought their security measures and were able to react much faster by means of extended vulnerability management and continuous threat intelligence provided by specialists.
Once again, the current threat situation shows that it pays off to take precautions in cyber security: serious vulnerabilities that are also relatively easy to exploit require those responsible to make decisions and react quickly, especially if the manufacturer is slow in fixing the vulnerability. The most recent example is the “Follina” vulnerability in the Microsoft environment.