Is the Clarity embedded Jaspersoft solution vulnerable to CVE-2022-22978?
All Clarity supported versions, with Jaspersoft 7.8 or 8.1.1
This solution is not vulnerable.
With respect to Clarity, Jaspersoft is embedded software. Clarity does not use Jaspersoft native authentication, which can expose this vulnerability as described in CVE-2022-22978. Clarity does not use Spring-based authentication, as documented in KB 248233 - CVE-2022-22950 Spring framework vulnerability - Clarity PPM.
Clarity has a custom authentication solution in which Clarity communicates with Jaspersoft by sending an encrypted token (which is encrypted using tenant-level key stores), and Clarity's custom plugin in Jaspersoft can only decrypt the token and either pass or fail the authentication. Also, none of the users synced to Jaspersoft from Clarity have passwords persisted in the Jaspersoft DB.