The impact of Apache Xalan (CVE-2022-34169) and Spring Framework (CVE-2016-1000027, CVE-2022-22971, CVE-2022-22970, CVE-2022-22968, CVE-2022-22965) on Service Virtualization

Article ID: 259530

Updated On:

Products

Service Virtualization

Issue/Introduction

A patch is available on top of 10.7.2 to address the following vulnerabilities: 

  • Apache Xalan (Java): CVE-2022-34169
  • Spring Framework: CVE-2016-1000027, CVE-2022-22971, CVE-2022-22970, CVE-2022-22968, CVE-2022-22965

The challenge is that even after the patch is applied, some CVE-2022-34169 and CVE-2016-1000027 vulnerabilities may still appear on the third-party scan report.

 

Environment

10.7.x on-premise installer and images.

Cause

Third party vulnerabilities.

Resolution

The latest versions of DevTest do not have these vulnerabilities. Please upgrade to 10.7.2 or above.