The following 4 critical and high vulnerabilities were identified from the scan of the RemoteCacheAssertion-1.5.0.aar assertion:
Release: 10.0
Component: API GATEWAY
1. The Gateway is not vulnerable to these CVEs because geode-core and its dependent libraries are not used when the backend cache is Redis. All other libraries are dependencies of geode-core.
2. About the Spring vulnerability: Layer7 Gateway does not use WAR packaging or Spring's parameter binding feature. Based on the details available so far, this vulnerability does not apply to the Gateway, i.e. the Gateway is not vulnerable. You can read more about this here: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/Layer7-API-Gateway---Security-Advisory-for-Spring-CVE-2022-22965/20443