Check Point Response to CVE-2022-21449 - Java "Psychic Signatures"

Symptoms - On April 20, 2022, security researcher Neil Madden published a blog post in which he provided details about a newly disclosed vulnerability in Java, CVE-2022-21449 or "Psychic Signatures". This security vulnerability originates in an incorrect implementation of the ECDSA signature...

Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell), CVE-2022-22950

Solution On March 29, 2022, new CVEs were published on Spring Cloud: CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, and CVE-2022-22950. On March 31, 2022, a bypass to the fix for CVE-2010-1622 was published by Praetorian, and received the nickname "Spring4Shell" see Spring Core on JDK9+ is...

Check Point Response to Apache Log4j Remote Code Execution

Solution On December 10, 2021, a proof of concept of a vulnerability in the Apache Log4j Java library CVE-2021-44228 was published. The vulnerability may allow unauthenticated threat actors to obtain remote code execution. The severity of the vulnerability was deemed critical. The Check Point...