APM 10.7 - Spring 4.3.30 vulnerability CVE BDSA-2022-0820



Article ID: 239191


Updated On:


CA Application Performance Management (APM / Wily / Introscope)


Black Duck scans have detected a vulnerability in Spring 4.3.30.

Spring-Framework Vulnerable to Denial-of-Service (DoS) via Crafted SpEL Expression

BDSA-2022-0820 Published: Mar 29, 2022
Updated: Mar 29, 2022

How to fix it

Solution - Fix Available

Fixed in version 5.3.17 by this commit.

The latest stable releases can be found here.

No Workaround

Score: 6.5 (medium)
I have not found a CVE record for this yet.
Scanned Introscope version:


Release : 10.7.0

Component : Introscope


This vulnerability issue is related to defect DE532144

All the security vulnerabilities are fixed in the latest Spring Framework 5.3.18: https://mvnrepository.com/artifact/org.springframework/spring/5.3.18
We will upgrade it to the latest 5.3.18 in APM 10.8.1 to completely resolve the vulnerabilities.


No solution or workaround available at the present time

Additional Information