
CVE-2022-22950 Spring-core framework vulnerability in Advanced Authentication Admin and UDS


Article ID: 241923


Updated On:


CA Risk Authentication, CA Strong Authentication, CA Advanced Authentication


CVE-2022-22950, a Spring Framework vulnerability, is a medium-priority vulnerability affecting the AA Admin UI and AA UDS.

Refer to this link for this CVE-2022-22950 ---


Release : 9.1

Component : AuthMinder(Arcot WebFort) Strong Authentication

RiskMinder (Arcot RiskFort) Risk Authentication


In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL (Spring Expression Language) expression that may cause a denial of service condition.
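The script below is an added example, not part of the original article or any vendor tooling: it inventories `spring-core` and `spring-expression` JARs under a deployment directory and classifies each against the version range stated above. The directory argument, the status labels and the sample file names are constructed assumptions.

```python
import re
import sys
from pathlib import Path

# Range stated in this article: 5.3.0 - 5.3.16, plus older unsupported versions.
FIRST_AFFECTED_53 = (5, 3, 0)
LAST_AFFECTED_53 = (5, 3, 16)

# Matches e.g. spring-expression-5.3.16.jar and spring-core-5.2.8.RELEASE.jar
# (older Spring lines carry a ".RELEASE" qualifier, 5.3.x does not).
JAR_RE = re.compile(
    r"^(spring-(?:core|expression))-(\d+)\.(\d+)\.(\d+)(?:[.-][A-Za-z0-9]+)?\.jar$"
)

def classify(jar_name):
    """Return (artifact, version, status), or None for unrelated JARs."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    version = tuple(int(part) for part in m.group(2, 3, 4))
    if version < FIRST_AFFECTED_53:
        status = "older-unsupported"      # covered by "older unsupported versions"
    elif version <= LAST_AFFECTED_53:
        status = "affected"               # inside 5.3.0 - 5.3.16
    else:
        status = "outside-stated-range"   # newer than the range in this article
    return m.group(1), ".".join(str(p) for p in version), status

def scan(root):
    """Walk a deployment directory and classify every matching JAR found."""
    findings = []
    for path in sorted(Path(root).rglob("*.jar")):
        result = classify(path.name)
        if result:
            findings.append((str(path), *result))
    return findings

# Constructed sample file names, used when no directory is given.
SAMPLE = ["spring-expression-5.3.16.jar", "spring-core-5.2.8.RELEASE.jar",
          "spring-core-5.3.17.jar", "commons-lang3-3.12.0.jar"]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for row in scan(sys.argv[1]):
            print("\t".join(row))
    else:
        for name in SAMPLE:
            print(name, "->", classify(name))
```

Run it with the path of the deployed web application (for example the application server's `WEB-INF/lib` directory) as the only argument; without an argument it classifies the constructed sample names.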


This is a medium-level vulnerability. As of the last update of this article on September 14th, 2022, AA Product Management's current ETA (Estimated Date of Arrival) for remediating this vulnerability is the end of March 2023. The older unsupported versions of Spring Framework will not be used in the AA Admin and UDS components in AA Service Pack 4 (SP4). This article will be proactively updated, but please open a support case if this time frame has arrived and SP4 has not been released.

Additional Information