Is DLP susceptible to CVE-2024-22243, CVE-2024-22259, CVE-2024-22262, CVE-2024-22243, CVE-2024-38808 and CVE-2024-38809: Spring Framework URL Parsing with Host Validation?
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. one received through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after it passes those validation checks.
https://spring.io/security/cve-2024-22243
https://nvd.nist.gov/vuln/detail/CVE-2024-22243
https://spring.io/security/cve-2024-22259
https://nvd.nist.gov/vuln/detail/CVE-2024-22259
https://spring.io/security/cve-2024-22262
https://nvd.nist.gov/vuln/detail/CVE-2024-22262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38809
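The pattern described in the question, as an added example that is neither DLP code nor code from the Spring advisory: the vulnerable shape (validate the host the builder parsed, then reuse the raw string) beside a hardened shape that swaps in `java.net.URI` and rebuilds the target from the components that were actually checked. `HostValidationExample`, `ALLOWED_HOSTS` and both method names are hypothetical; the hardened form complements, not replaces, upgrading to a patched Spring Framework.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

import org.springframework.web.util.UriComponentsBuilder;

// Added illustration, not DLP code. Hypothetical class and allowlist.
public class HostValidationExample {

    // Hypothetical allowlist of hosts a redirect may target.
    private static final Set<String> ALLOWED_HOSTS = Set.of("portal.example.com");

    // VULNERABLE SHAPE: the host the builder reports is checked, but the raw,
    // unparsed string is what gets used afterwards. If the builder's view of
    // the host disagrees with the consumer's, the check is meaningless.
    public static String redirectTargetVulnerable(String userSuppliedUrl) {
        String host = UriComponentsBuilder.fromUriString(userSuppliedUrl).build().getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase())) {
            throw new IllegalArgumentException("host not allowed");
        }
        return userSuppliedUrl; // raw input reused after validation
    }

    // HARDENED SHAPE: parse with java.net.URI, require an absolute https URL with
    // no userinfo and an allowlisted host, then rebuild the target from the
    // validated parts so the value used is the value that was checked.
    public static String redirectTargetHardened(String userSuppliedUrl) {
        URI uri;
        try {
            uri = new URI(userSuppliedUrl);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("malformed URL", e);
        }
        String host = uri.getHost();
        if (!uri.isAbsolute() || !"https".equalsIgnoreCase(uri.getScheme())
                || host == null || uri.getRawUserInfo() != null
                || !ALLOWED_HOSTS.contains(host.toLowerCase())) {
            throw new IllegalArgumentException("URL rejected");
        }
        try {
            // Only scheme, host, port, path and query survive; userinfo and fragment are dropped.
            return new URI("https", null, host, uri.getPort(), uri.getPath(), uri.getQuery(), null)
                    .toString();
        } catch (URISyntaxException e) {
            throw new IllegalStateException(e);
        }
    }
}
```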
DLP does not use UriComponentsBuilder for URI validation.
The URI builder is only used on Enforce to provide a URL link in the response to an authenticated API request that expects a URL.
DLP does not validate the host portion of the URL it returns (which is where the vulnerability would exist), nor does it attempt to execute the URL provided in the response, so DLP is not impacted.
NOTE: The library upgrade will be included in 16.0 RU2, so this scan result should no longer be reported after an upgrade to RU2.