The following vulnerabilities have been identified on the Spectrum OneClick servers running NetOps version 21.2.8.0.32.
=============================
CVE-2022-22970 - In Spring Framework versions prior to 5.3.20 and 5.2.22, and in older unsupported versions, applications that handle file uploads are vulnerable to a denial-of-service attack if they rely on data binding to set a MultipartFile or javax.servlet.Part on a field of a model object.
https://nvd.nist.gov/vuln/detail/CVE-2022-22970
CVE-2022-22971 - In Spring Framework versions prior to 5.3.20 and 5.2.22, and in older unsupported versions, an application that exposes a STOMP over WebSocket endpoint is vulnerable to a denial-of-service attack by an authenticated user.
https://nvd.nist.gov/vuln/detail/CVE-2022-22971
Release : 21.2
Component : DX NetOps Spectrum Vulnerabilities
In release 21.2.12, DX NetOps Spectrum ships the following Spring Framework jars:
$SPECROOT/tomcat/lib - Spring jars of version 5.3.20 (the first 5.3.x release that fixes both CVEs above)
$SPECROOT/tomcat/webapps/axis2/WEB-INF/lib - Spring jars of version 5.3.18
Note that 5.3.18 is still below the 5.3.20 fix version by version number. Whether that exposes the axis2 webapp depends on whether it uses multipart data binding or a STOMP over WebSocket endpoint, which this article does not state, so treat those jars as a separate item to verify.
Spring Framework versions by DX NetOps release ($SPECROOT/tomcat/lib):
NetOps 22.2.2 - Spring Framework 5.3.22
NetOps 21.2.12 - Spring Framework 5.3.20
NetOps 21.2.10 - Spring Framework 5.3.18
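Rather than trusting a release number, check what is actually on disk. The following POSIX shell script is an added example written for this article, not Broadcom tooling. It lists the Spring Framework jars in a directory such as $SPECROOT/tomcat/lib or $SPECROOT/tomcat/webapps/axis2/WEB-INF/lib, parses each version out of the file name, and flags anything below the first fixed release on its line (5.3.20 for 5.3.x, 5.2.22 for 5.2.x; older lines are unsupported and have no fix). It assumes jar names of the form spring-<artifact>-<version>.jar or spring-<artifact>-<version>.RELEASE.jar, and skips spring-security, spring-boot and spring-data jars because those projects have their own version lines.

```shell
#!/bin/sh
# Added example (not Broadcom's own tooling): scan a directory for Spring
# Framework jars and flag any below the fixed versions for CVE-2022-22970 and
# CVE-2022-22971 (5.3.20 on the 5.3 line, 5.2.22 on the 5.2 line; anything
# older is an unsupported line with no fix).
# Assumes jars are named like spring-core-5.3.18.jar or
# spring-core-5.2.22.RELEASE.jar (assumption, not something the article states).
#
# Usage on a Spectrum host:
#   check_spring_jars "$SPECROOT/tomcat/lib"
#   check_spring_jars "$SPECROOT/tomcat/webapps/axis2/WEB-INF/lib"
# Exit status is 1 if any jar was flagged, 0 otherwise.

# ver_lt A B: succeed if dotted numeric version A sorts before B.
# Compares component by component as integers, so 5.3.2 < 5.3.18.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        an=${a%%.*}; if [ "$an" = "$a" ]; then a=; else a=${a#*.}; fi
        bn=${b%%.*}; if [ "$bn" = "$b" ]; then b=; else b=${b#*.}; fi
        [ "${an:-0}" -lt "${bn:-0}" ] && return 0
        [ "${an:-0}" -gt "${bn:-0}" ] && return 1
    done
    return 1
}

# spring_fixed_version VERSION: print the first fixed release on that line,
# or "none" for a line that received no fix (old, unsupported versions).
spring_fixed_version() {
    case $1 in
        5.3.*) echo 5.3.20 ;;
        5.2.*) echo 5.2.22 ;;
        *)     echo none ;;
    esac
}

# check_spring_jars DIR: print one line per Spring Framework jar in DIR,
# "<jar> <version> <verdict>", and return 1 if any jar is not OK.
check_spring_jars() {
    dir=$1 rc=0
    for jar in "$dir"/spring-*.jar; do
        [ -e "$jar" ] || continue            # glob matched nothing
        name=${jar##*/}
        case $name in
            # Separate projects with their own version lines; not covered here.
            spring-security-*|spring-boot-*|spring-data-*) continue ;;
        esac
        # Version = digits and dots after the artifact name, before an optional
        # alphabetic qualifier such as .RELEASE and the .jar suffix.
        ver=$(printf '%s\n' "$name" |
              sed -n 's/^spring-[a-z-]*-\([0-9][0-9]*\(\.[0-9][0-9]*\)*\)\(\.[A-Za-z][^.]*\)*\.jar$/\1/p')
        if [ -z "$ver" ]; then
            echo "$name ? UNPARSED"; rc=1; continue
        fi
        fixed=$(spring_fixed_version "$ver")
        if [ "$fixed" = none ]; then
            verdict=UNSUPPORTED
        elif ver_lt "$ver" "$fixed"; then
            verdict="VULNERABLE (fixed in $fixed)"
        else
            verdict=OK
        fi
        echo "$name $ver $verdict"
        [ "$verdict" = OK ] || rc=1
    done
    return $rc
}
```

Run it once per directory listed above; a non-zero exit status means at least one jar is below its fix version, unparseable, or on an unsupported line, and the printed lines say which.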