CVE-2022-22950 Spring framework vulnerability in AA Admin and UDS in a medium priority vulnerability related to AA Admin UI and AA UDS.
Refer to this link for this CVE-2022-22950 --- https://nvd.nist.gov/vuln/detail/CVE-2022-22950
Release : 9.1
Component : AuthMinder(Arcot WebFort) Strong Authentication
RiskMinder (Arcot RiskFort) Risk Authentication
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL (Spring Expression Language) expression that may cause a denial of service condition.
This is medium level vulnerability. As of the last update of this article on September 14th, 2022. The older unsupported versions of Spring Framework is not used in AA Admin and UDS components (in AA Service Pack 4 - aka SP4). 9.1SP4 is already release and can be downloaded from the Support site.
None.