We got a security finding for the following on DE (dSeries) Web Client.  

<web client install dir>/apache-tomcat/webapps/de/WEB-INF/lib/spring-core-5.2.2.RELEASE.jar

CVE-2022-22970, CVE-2022-22971

Spring Framework Denial of Service (DoS) Data Binding Vulnerability.

Release : 12.1, 12.2, 12.3

Component : WORKLOAD AUTOMATION DE (DSERIES) WEB CLIENT

Workload Automation DE (dSeries) Web Client is not using the classes as mentioned in the vulnerabilities.

Hence, DE Web Client is not vulnerable to CVE-2022-22970 and CVE-2022-22971.