Hello Folks. This is an urgent requirement to use BigFix to query the below details, SO please help me how to write the query for that.
CyberSecurity has just alerted me to a 0-day vulnerability which is called SpringShell or Spring4Shell. FCyberSecurity has only recently begun to put together the components by which the vulnerability will exploit a given system or systems. However, we would like to fully understand the potential UNIX/Linux servers that could be exposed by this latest vulnerability (i.e., attack surface). As a result, could you please write a script OR utilize BigFix to query the UNIX and Linux servers for the below-installed components?
• Java 9 or greater
• spring-beans*.jar
Below are a few links that have been shared with me related to this vulnerability:
• SpringShell: Spring Core RCE 0-day Vulnerability - Cyber Kendra
• Spring4Shell: Security Analysis of the latest Java RCE ‘0-day’ vulnerabilities in Spring | LunaSec
Could you please help me on this , that how to write the query or analysis to get the results.