After upgraded to PAM 4.3.5 client found
Sping Beans ->
Vulnerable software installed: VMware Spring Beans 4.3.26 (D:\ITPAM\CA\PAM\activemq\lib\optional\spring-beans-4.3.26.RELEASE.jar)
Vulnerable software installed: VMware Spring Beans 3.2.18 (D:\ITPAM\CA\PAM\server\c2o\ext-deploy\c2oear-snapshot.ear\web-snapshot.war\WEB-INF\lib\spring-beans- 3.2.18.RELEASE.jar)
Is spring-beans updatable?
Release : 4.3
ITPAM uses java 8, which is not impacted by CVE-2022-22950.
Therefore, there is no point to update these files.