DLP is not vulnerable to CVE-22950, CVE-2022-22970 or CVE-2022-22971.
These issues do not impact DLP:
CVE-2022-22950 | Spring DoS vulnerability | DLP does not use Spring Expression language and is not vulnerable. |
CVE-2022-22970 | Spring framework DoS via data binding to MultipartFile or Servlet Part | DLP does not allow untrusted file uploads and is not impacted. |
CVE-2022-22971 | Spring Framework DoS with STOMP over WebSocket |
DLP does not use WebSocket protocol and is not impacted. |
Release: 15.7/15.8/16.0/16.0.1
Component: DLP Enforce
DLP is not vulnerable, no action required.
A feature request has been submitted to update the files in question to resolve any false positives.
The files were updated on DLP 16.0.2 (RU2) and this version doesn't have the false positives. Same for DLP 16.1.