CVE-2022-22950--Spring Bean vulnerability

Article ID: 259412

Products

CA Process Automation Base

Issue/Introduction

After upgrading to PAM 4.3.5, the client found the following:

Spring Beans ->

Vulnerable software installed: VMware Spring Beans 4.3.26 (D:\ITPAM\CA\PAM\activemq\lib\optional\spring-beans-4.3.26.RELEASE.jar)
Vulnerable software installed: VMware Spring Beans 3.2.18 (D:\ITPAM\CA\PAM\server\c2o\ext-deploy\c2oear-snapshot.ear\web-snapshot.war\WEB-INF\lib\spring-beans-3.2.18.RELEASE.jar)

Is spring-beans updatable?

Environment

Release : 4.3

Resolution

ITPAM uses Java 8, which is not impacted by CVE-2022-22950.

Therefore, there is no need to update these files.