
APM 10.7 - Spring 4.3.30 vulnerability CVE BDSA-2022-0820


Article ID: 239191


Updated On:


CA Application Performance Management (APM / Wily / Introscope)


Black Duck scans have detected a vulnerability in Spring 4.3.30.

Spring-Framework Vulnerable to Denial-of-Service (DoS) via Crafted SpEL Expression

BDSA-2022-0820
Published: Mar 29, 2022
Updated: Mar 29, 2022

How to fix it

Solution - Fix Available

Fixed in version 5.3.17 by this commit.

The latest stable releases can be found here.

No Workaround

Score: 6.5 (medium)
I have not found a CVE record for this yet.
Scanned Introscope version:


This vulnerability issue is related to defect DE532144

All the security vulnerabilities are fixed in the latest Spring Framework 5.3.18:
We will upgrade it to the latest 5.3.18 in APM 10.8.1 to completely resolve the vulnerabilities.


Release : 10.7.0

Component : Introscope


No solution or workaround available at the present time

Additional Information