
Products that are affected by SpringShell vulnerability: Vitrea Advanced Visualization (all versions prior to 7.14.x).

Products that are not affected by SpringShell vulnerability:

A mitigation strategy is currently being researched and developed. Specific combinations of Apache Tomcat and the Spring Boot executable are susceptible to a remote code execution (RCE) vulnerability. This vulnerability is affecting the entire software industry, including some Canon Medical Informatics products. If you have any questions, please contact our support team.

A critical vulnerability, CVE-2022-22965, has been identified in Spring Framework.

Products that are affected by CVE-2022-37461:

All customers currently running a version of Vitrea View 7.7.x prior to 7.7.6 should upgrade to the latest Vitrea View version.

Canon Medical recommends that all customers run Vitrea View behind a web application firewall and/or load balancer to provide additional layers of security as part of a “defense in depth” or “zero trust security” posture.

Vitrea Read (formerly known as Easy Viz).

Products that are not affected by this Vitrea View vulnerability:

No patient information was accessed or exfiltrated. This vulnerability was brought to Canon Medical’s attention as part of a routine penetration test in a testing environment, was fixed, and was included in Vitrea View 7.7.6, released Ap.

Both exploits involve attackers creating URLs that point to vulnerable Vitrea View installations and which contain malicious code, and the “post-authorization” exploit also requires convincing an authenticated Vitrea View user to click on the malicious link. This vulnerability has two methods of attack – a “pre-authorization” exploit and a “post-authorization” exploit. An unscored (as of September 30, 2022) vulnerability, CVE-2022-37461, has been identified in Vitrea View versions prior to 7.7.6.
