CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022. More information can be found here. (https://nvd.nist.gov/vuln/detail/CVE-2022-42889)
The vulnerability is caused with the use of Apache Commons Text 1.5 through 1.9.
Are the Service Management products vulnerable?
2022-10-20: CA 2E, CA Plex and Harvest Software Change Manager are not vulnerable.
2022-10-19: Broadcom Support and Engineering is looking into this on priority. Please check back in this article regularly for updates.