Is CA Workload Automation AE (Autosys) impacted by CVE-2023-20861 Spring Framework Vulnerability ?
Autosys Engine - This does not have any dependency on the Spring framework. Hence, AutoSys Engine module is not vulnerable.
Autosys WebUI - WebUI (WCC) is not impacted by this. The vulnerbility is specific to SpEL expressions within Spring, which we are not using against any of the user inputs within the WCC.
Embedded Entitlements Manager (EEM) does not bundle and has no dependency on Spring Framework, so not vulnerable