Intercom has completed the investigation on its internal systems regarding the security issue in the open-source Spring Framework “Spring4Shell” (CVE-2022-22965) and found that we were not affected.
While we are still completing follow-ups with some of our sub-processors, we found no evidence of compromise.
In the unlikely event that Intercom becomes aware of any unauthorized access to customer data through our sub-processors, we will notify impacted customers without undue delay.
Posted Apr 14, 2022 - 13:53 UTC
Intercom is aware of the security issue relating to the open-source Spring Framework “Spring4Shell”.
Spring is a Java-based framework found in a large number of software products.
The CVE-2022-22965 vulnerability (aka the “Spring4Shell” vulnerability) was disclosed by the Spring Framework project. If exploited, this vulnerability could potentially allow a remote attacker to execute code on the affected server.
Once this vulnerability was publicly disclosed on 31st March 2022, Intercom promptly began an audit of all our software and infrastructure, as well as engaging with our software vendors, to determine potential impact. Thus far we have not discovered any impact on our product and infrastructure.
If Intercom becomes aware of any unauthorized access to customer data, we will notify impacted customers without undue delay.
This page will be updated in the future if any more information becomes available.