ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CVE-2022-22963 & CVE-2022-22965 for Jaspersoft Reporting 7.1 and 7.8


Article ID: 240093


Updated On:


Clarity PPM On Premise


According to the knowledge article 

CVE-2022-22963 & CVE-2022-22965

This is not clear if we have to use Tomcat(9.0.62) for JS 7.1 environment as well. The JS 7.1 uses java 8, so we are not sure if this required.



Release : 16.0.1

Component : PPMJSP


This vulnerability is not present in JDK 8.

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.


So, no changes are needed for JS 7.1.