CVE-2022-22950: Spring Framework Denial of Service (DoS) Vulnerability
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Is UIM impacted by this vulnerability?
UIM is not impacted by this vulnerability. Exploitation requires the user to provide a specially crafted SpEL expression; however, UIM does not accept such expressions, so there is no way for the user to access this vulnerability.
Changelog:
6/17/2022: 10:49am ET - initial article creation
11/3/2022: 12:08pm ET - updated KB with details on why we are not impacted.