Spring Framework Vulnerability CVE-2023-20861 impact on Autosys
search cancel

Spring Framework Vulnerability CVE-2023-20861 impact on Autosys

book

Article ID: 266179

calendar_today

Updated On:

Products

Autosys Workload Automation

Issue/Introduction

Is CA Workload Automation AE (Autosys) impacted by CVE-2023-20861 Spring Framework Vulnerability ?

 

Resolution

Autosys Engine - This does not have any dependency on the Spring framework. Hence, AutoSys Engine module is not vulnerable.

Autosys WebUI - WebUI (WCC) is not impacted by this.  The vulnerbility is specific to SpEL expressions within Spring, which we are not using against any of the user inputs within the WCC. 

Embedded Entitlements Manager (EEM) does not bundle and has no dependency on Spring Framework, so not vulnerable