Skip to main content
Technical Notice

FINRA Statement Regarding Spring4Shell

April 04, 2022

FINRA is aware of the critical Spring4Shell vulnerability and has taken immediate steps to neutralize the risk. Our mitigation tactics include defining alerts for exploit attempts, implementing web application firewall (WAF) rules designed to prevent exploitation of the vulnerability, conducting scans to confirm WAF rules are working as expected, and updating Spring libraries used in our self-developed applications. FINRA will continue to track this vulnerability, monitor our network, and apply software updates as they become available. We will adjust our mitigation efforts if necessary as the situation evolves.