On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown () and Spectre ()— that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.
After the January 3 announcement, the SpringCM Security team immediately evaluated the systems affected by these vulnerabilities and completed an assessment on the likelihood and impact. At this point no systems appear to be compromised and an ongoing monitoring system is in place to alert on suspicious events. As vendors continue to release updates to the most stable releases of their software, SpringCM will continue to remediate these vulnerabilities.
Re: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754