We've recently come across CVE-2022-21449 which is of very high risk. Can you please check and confirm if this has impact on any of the Broadcom products?
CA Risk Auth and CA Strong Auth
Release : 9.1
Component : Strong Authentication
The bug only impacts Java 15 and above. The original advisory from Oracle incorrectly listed earlier versions (like 7, 8 and 11) as being impacted. They have since corrected this. Note that they now only list 17 and 18, because 15 and 16 are no longer supported.
Bouncy Castle is not impacted by this vulnerability. They have their own ECDSA implementation, and it performs the relevant check to prevent this bug.
Advanced Authentication components ( Strong Auth and Risk Auth) are not vulnerable because of the above reason.