Header
Spring4Shell Vulnerability Update
Incident Report for Guidewire
Resolved
Guidewire has concluded tracking Spring4Shell on the status page. Please open a Community case if you have additional questions, as Guidewire will continue to monitor updates accordingly.
Posted May 19, 2022 - 14:20 PDT
Update
Based on our investigation and publicly available information, the Guidewire security team has found no impact to Guidewire systems or the customer data they contain. At this time we do not expect to take further actions on this issue beyond regular maintenance but, we will continue to monitor the situation and take appropriate actions as new information is released to the public. Customers are still advised to check their customizations and configurations in their deployments to ensure that exploitability conditions have not been introduced. We will keep you, our valued customers, and partners, updated as appropriate.
Posted Apr 09, 2022 - 18:58 PDT
Monitoring
Guidewire is aware of the recently reported Spring4shell vulnerability that may be exploited though the internet by threat actors across the globe. Guidewire has immediately put security controls in place and is actively investigating the vulnerability with highest priority. Based on evaluation of currently available information, the Guidewire security team has found no impact to Guidewire systems or the customer data they contain. However, customers are advised to check their customizations and configurations in their deployments to ensure that these conditions have not been introduced. We will continue to monitor this rapidly evolving situation, along with continued monitoring of our systems, and take appropriate actions as new information is released to the public. We will keep you, our valued customers, and partners, updated as appropriate.
Posted Apr 01, 2022 - 13:20 PDT