We got a security finding for the following on DE (dSeries) Web Client.
<web client install dir>/apache-tomcat/webapps/de/WEB-INF/lib/spring-core-5.2.2.RELEASE.jar
CVE-2022-22970, CVE-2022-22971
Spring Framework Denial of Service (DoS) Data Binding Vulnerability.
Release : 12.1, 12.2, 12.3
Component : WORKLOAD AUTOMATION DE (DSERIES) WEB CLIENT
Workload Automation DE (dSeries) Web Client is not using the classes as mentioned in the vulnerabilities.
Hence, DE Web Client is not vulnerable to CVE-2022-22970 and CVE-2022-22971.