Information Security: Spring4Shell

You may be aware that a vulnerability in the widely used Spring Framework was recently discovered. EquiLend became aware of this vulnerability through its information security surveillance process and has been actively assessing its impact, both internally and with our third-party suppliers, on an ongoing basis since then.

• EquiLend has confirmed both internally and with our critical third-party suppliers limited exposure to the “Spring4Shell” vulnerability.
• Following thorough investigations, we have not detected any exploits of this vulnerability on our systems. EquiLend’s critical third-party suppliers also have confirmed that they have not detected any exploit attempts.
• We are continuing our impact assessment and following guidance from Spring and CISA on our remediation plan.

Due to our robust cybersecurity protocols and defense-in-depth strategy, we are confident that the risk of this vulnerability on EquiLend’s systems is limited. We continue to monitor our environment and will update our clients if anything should change. 

Clients may contact EquiLendITSecurityReporting@equilend.com with any additional questions.