SAP Knowledge Base Article - Preview

3170743 - Spring4Shell: Zero-Day Vulnerability in Spring Framework on SAP Upscale


A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework.
Spring is a software framework for building Java applications, including web apps on top of the Java EE (Enterprise Edition) platform.
Additional details of the flaw, dubbed "SpringShell" and "Spring4Shell," have been withheld to prevent exploitation attempts and until a fix is in place by the framework's maintainers,, a subsidiary of VMware. It's also yet to be assigned a Common Vulnerabilities and Exposures (CVE) identifier.



SAP Upscale Commerce all versions


Spring4Shell Spring Framework RCE Zero Day Zero-Day Vulnerability , KBA , CEC-USC , SAP Upscale Commerce , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.