Does 14.4 ship with, have repackaged, or utilize the affected classes and/or jar outlined in the CVE listed in the subject?

CVE-2022-42889 is a newly listed vulnerability as of Oct 13, 2022:

https://nvd.nist.gov/vuln/detail/CVE-2022-42889#range-8454284

This is a code script injection vulnerability, base score 9.8 Critical.

Release : 14.4

Engineering confirmed that there are no vulnerabilities from CVE-2022-42889 for IDM.  

The vulnerable jar file, commons-text-*.jar,  is not shipped with or used by IDM or any Identity Suite components.

CVE-2022-42889 doesn't affect IDM or vApp.