CVE-2022-22963 & CVE-2022-22965 for Jaspersoft Reporting 7.1 and 7.8
Article ID: 240093
Updated On:
Products
Clarity PPM On Premise
Issue/Introduction
According to the knowledge article
CVE-2022-22963 & CVE-2022-22965
This is not clear if we have to use Tomcat(9.0.62) for JS 7.1 environment as well. The JS 7.1 uses java 8, so we are not sure if this required.
Environment
Release : 16.0.1
Component : PPMJSP
Resolution
This vulnerability is not present in JDK 8.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
So, no changes are needed for JS 7.1.
Feedback
Yes
No
Powered by
