Security firms track attempts to exploit Spring4Shell vulnerability in first four days. Trend Micro confirms first known large-scale operation successfully targeting the vulnerability. U.S. Cybersecurity and Infrastructure Security Agency warns organizations to patch this vulnerability at earliest opportunity. CISA has assigned a deadline of April 25, 2022, for all federal civilian agencies to identify and remediate the vulnerability on their information systems. The Spring Framework RCE vulnerability, which is tracked as CVE-2022-22965, affects the Spring MVC and Spring WebFlux applications.”]
Source: https://www.databreachtoday.com/no-log4j-but-spring4shell-exploitation-attempts-increase-a-18869