CVE-2022-42889 - Nolio Release Automation
search cancel

CVE-2022-42889 - Nolio Release Automation


Article ID: 252608


Updated On:


CA Release Automation - DataManagement Server (Nolio) CA Release Automation - Release Operations Center (Nolio)


CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022.  More information can be found here. 

The vulnerability is caused with the use of Apache Commons Text 1.5 through 1.9.  Is Nolio Release Automation impacted by this? 



Nolio Release Automation 6.7


Third Party Vulnerability


Broadcom Engineering team has analyzed this vulnerability and found that Nolio Release Automation is not impacted by this vulnerability as it does not use Apache-Commons-Text at all. 


Please Note:

If you use the ca-ra-infrastructure-manager-actions action pack, it does use Apache-Commons-Text. This action pack is not impacted by this vulnerability - as it doesn't use the affected StringSubstitutor API of Apache-Commons-Text. Nevertheless, the next version of the action pack will include an upgraded version of this library.