Our security team hit us for the following vulnerability.
I upgraded CAPM to 22.2 and they found this vulnerability.
Release : 22.2.1 and older
Component : DX NetOps Performance Management Vulnerabilities
We are currently embedding activemq-5.16.x which contains a vulnerable version of spring.
Broadcom will embed activemq-5.17.x in a future build.
This will include spring 5.3.20+
the tentative target is to include activemq-5.17.2 in Performance Management 22.2.3 (as of sep 26, 2022)
this is subject to change.