Does 14.4 ship with, have repackaged, or utilize the affected classes and/or jar outlined in the CVE listed in the subject?
CVE-2022-42889 is a newly listed vulnerability as of Oct 13, 2022:
This is a code script injection vulnerability, base score 9.8 Critical.
Release : 14.4
Engineering confirmed that there are no vulnerabilities from CVE-2022-42889 for IDM. The vulnerable jar file, commons-text-*.jar, is not shipped with or used by IDM or any Identity Suite components. CVE-2022-42889 doesn't affect IDM or vApp.