CVE-2022-22963 & CVE-2022-22965 for Jaspersoft Reporting 7.1 and 7.8


Article ID: 240093


Products

Clarity PPM On Premise

Issue/Introduction

According to the knowledge article "CVE-2022-22963 & CVE-2022-22965", it is not clear whether we have to use Tomcat (9.0.62) for the JS 7.1 environment as well. JS 7.1 uses Java 8, so we are not sure if this is required.

Environment

Release : 16.0.1

Component : PPMJSP

Resolution

This vulnerability does not affect applications running on JDK 8. The CVE-2022-22965 description states:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965

"A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding."

So, no changes are needed for JS 7.1.
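
To confirm which case a given server falls into, the following added example (not part of the original article or any vendor tooling) parses `java -version` output, including the legacy `1.8.0_x` numbering, and reports whether the JDK 9+ condition from the CVE description applies. The function names and sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the "JDK 9+" condition of CVE-2022-22965 for a JVM.

# java_major: read `java -version` output on stdin, print the major version.
# Handles the legacy scheme ("1.8.0_322" -> 8) and the newer scheme
# ("9", "9-ea", "11.0.14", "17.0.2" -> 9, 9, 11, 17).
java_major() {
    ver=$(sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 1
    case "$ver" in
        1.*) major=${ver#1.}; major=${major%%[!0-9]*} ;;
        *)   major=${ver%%[!0-9]*} ;;
    esac
    [ -n "$major" ] || return 1
    printf '%s\n' "$major"
}

# jdk9_condition: print "met" (JDK 9 or later), "not-met" (JDK 8 or older),
# or "unknown" when no version string could be parsed from stdin.
jdk9_condition() {
    if ! major=$(java_major); then
        echo "unknown"
    elif [ "$major" -ge 9 ]; then
        echo "met"
    else
        echo "not-met"
    fi
}

# Constructed sample first lines of `java -version`, not taken from a real host.
for sample in 'openjdk version "1.8.0_322"' \
              'java version "11.0.14" 2022-01-18 LTS'; do
    printf '%s -> %s\n' "$sample" "$(printf '%s\n' "$sample" | jdk9_condition)"
done

# On a server (assumption: JAVA_HOME points at the JVM that Tomcat uses to run
# Jaspersoft; `java -version` writes to stderr, hence 2>&1):
#   "$JAVA_HOME/bin/java" -version 2>&1 | jdk9_condition
```

A result of `not-met` corresponds to the JS 7.1 on Java 8 case described in this article.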