
Spring Framework Denial of Service (DoS) Data Binding Vulnerability - CVE-2022-22970 and CVE-2022-22971 in DLP


Article ID: 244018




Data Loss Prevention Endpoint Prevent, Data Loss Prevention


DLP is not vulnerable to CVE-2022-22970 and CVE-2022-22971. 

Neither issue impacts DLP:

CVE-2022-22970 (Spring Framework DoS via data binding to MultipartFile or Servlet Part): DLP does not allow untrusted file uploads and is not impacted.
CVE-2022-22971 (Spring Framework DoS with STOMP over WebSocket): DLP does not use the WebSocket protocol and is not impacted.





Release: 15.7/15.8

Component: DLP Enforce


DLP is not vulnerable; no action is required.



Additional Information

A feature request has been submitted to update the files in question to resolve any false positives.
To be added to the feature request, please open a support case with Broadcom and reference this KB.