Spring Java Framework vulnerabilities - update

May 24, 2022

*This is an update to the April 1, 2022 post regarding the same topic.

ADP is aware of the Spring Java Framework, “Spring4Shell”, or “SpringShell” vulnerabilities.

ADP is following our patching processes, prioritizing and applying all necessary patches, while continuing to monitor for any potential impacts to our systems. At this time, we can confirm no ADP solutions have been accessed and no client data has been compromised.

ADP’s layered defense includes technologies and controls to identify and/or prevent these types of threats, including assessing vulnerabilities and applying appropriate protection and detection control updates.

ADP’s Global Security Organization continues to actively monitor and respond to this developing situation as it does with all reported vulnerabilities. Clients are encouraged to visit ADP’s website at www.adp.com/trust to see Security Alerts to learn more about how ADP protects data, and how clients can help protect themselves.

Protecting our clients and their data from malicious activity is a top priority for ADP