Qualys has found a vulnerability on MOI 2.1. Please review the security vulnerability on Spring Framework - spring-core-5.3.19.jar.

CVE-2022-22970: Spring Framework DoS via Data Binding to MultipartFile or Servlet Part

Release : 2.1 IE4

Spring-core is a transitive dependency coming from springframework.  With MOI IE4, springframework has been upgraded to 5.3.27 which is not affected by CVE-2022-22970.   

We see older versions of springframework (4.3.30) as a transitive dependency for some of our modules, but after looking at this in more detail, we concluded that the vulnerable file upload functionality is not used or exposed in the impacted module.

After the MOI IE4 upgrade, MOI is not exploitable with this vulnerability (CVE-2022-22970).