
Udemy’s Response to the Spring Framework Vulnerability

Recently, security researchers identified three remote code execution (RCE) vulnerabilities related to the Spring Framework (CVE-2022-22965, CVE-2022-22963, CVE-2022-22947). In addition, there is a fourth vulnerability, a denial-of-service (DoS) issue in Spring with medium criticality, CVE-2022-22950.

Since these issues were first discovered, Udemy’s Security team has been working diligently to review and protect Udemy’s systems. At this point, there are no indicators that these vulnerabilities have negatively affected any company or personal data.

For high-risk, high-impact vulnerabilities such as these, our teams take a number of immediate steps, including testing to confirm levels of vulnerability, restricting network connections, and applying software or system updates or workarounds where necessary. Our Security and Engineering teams will monitor our environment, critical sub-processors, and vendors for instances of these vulnerabilities, attempted attacks, and notices from our contracted third parties.

As we obtain additional information, we will provide updates through this page. Our Security team is working diligently to ensure our systems are safeguarded as security researchers’ recommendations evolve, so we’re currently unable to provide custom responses. For detailed information on our response approach, please refer to the frequently asked questions below. 

Have you updated to a safer version of Spring Framework?

In each case where vulnerable versions of Spring Framework or related offerings were previously in use, we undertake careful remediation efforts, such as upgrading to a recommended newer version or implementing recommended workarounds. We have also adjusted our layered defenses to protect our systems more globally.

When will the remediation be complete?

Udemy’s Security team is monitoring recommendations from security experts and vendors as attack patterns for the Spring Framework vulnerabilities evolve, and our remediation and mitigation efforts will continue as these recommendations are shared.

Has customer data been compromised?

At this point, there are no indicators that this vulnerability has negatively affected any company or personal data. 

Are you asking third-party vendors used in your environment about the impact of the Spring Framework vulnerabilities on them?

Udemy has reached out to key Udemy Business subprocessors, and we apply updates to tooling as our vendors release them. 

© 2022 Udemy, Inc.