A patch is available on top of 10.7.2 to address the following vulnerabilities:
The challenge is that even after a patch is applied, some CVE-2022-34169 and CVE-2016-1000027 vulnerabilities may still appear on the third-party scan report.
10.6.x and 10.7.x on-premise installer and images.
Third party vulnerabilities.
For a fix on the 10.7.2 on-premise installer, download 10.7.2 SP3. Upcoming fixes are not available on the 10.7.2 images but will be available in the next image release.
CVE-2022-34169 and CVE-2016-1000027 vulnerabilities may still appear in the third-party scan because the component version number has not changed. If the third-party tool cannot detect the fixes ported by repackaging the jar, then this should be mitigated directly with the third-party scan tool.
CVE-2022-22965 may also appear on third party scan tools. For more information, see Knowledge Base Article.