CVE-2022-22970 and CVE-2022-22971 on DE (dSeries) Web Client

Article ID: 247173

Updated On:

Products

CA Workload Automation DE

Issue/Introduction

We got a security finding for the following on DE (dSeries) Web Client.  

<web client install dir>/apache-tomcat/webapps/de/WEB-INF/lib/spring-core-5.2.2.RELEASE.jar

CVE-2022-22970, CVE-2022-22971

Spring Framework Denial of Service (DoS) Data Binding Vulnerability.

Environment

Release : 12.1, 12.2, 12.3

Component : WORKLOAD AUTOMATION DE (DSERIES) WEB CLIENT

Resolution

Workload Automation DE (dSeries) Web Client does not use the classes named in these vulnerabilities.

Hence, DE Web Client is not vulnerable to CVE-2022-22970 and CVE-2022-22971.