Is DLP vulnerable to CVE-2024-22262?
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after passing validation checks.
DLP 16.x
DLP 15.8.x
DLP is not affected by CVE-2024-22262
DLP doesn't use UriComponentsBuilder for URI validation. This URI builder is only used on Enforce to provide a URL link as a response to an authenticated API request expecting a URL response. DLP does not validate the host portion of the URL it returns (where the vulnerability would exist), nor does it attempt to execute the URL provided in the response; hence DLP is not impacted.
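For applications that, unlike DLP, do validate the host of an externally provided URL, the sketch below shows a strict host allowlist check where the parsed and validated URI object, not the raw input string, is what gets used afterwards. It is an added example, not Broadcom or Spring code; it uses only the JDK's `java.net.URI`, and the class name, allowlist hosts and sample inputs are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class RedirectTargetCheck {
    // Hypothetical allowlist; the hosts are constructed sample values.
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("app.example.com", "login.example.com");

    // Returns the parsed URI only if it passes every check. Callers use the
    // returned object, never the original string, so the value that was
    // validated is the value that is used.
    static Optional<URI> validate(String external) {
        if (external == null) return Optional.empty();
        final URI uri;
        try {
            // Strict parse: illegal characters and malformed authorities throw.
            uri = new URI(external).parseServerAuthority().normalize();
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        // Absolute https URLs only; relative or scheme-less input is rejected.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return Optional.empty();
        // A user-info component is never needed for a redirect target.
        if (uri.getRawUserInfo() != null) return Optional.empty();
        // Exact, case-insensitive host match; no suffix or substring matching.
        String host = uri.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            return Optional.empty();
        }
        return Optional.of(uri);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, for illustration only.
        List<String> samples = List.of(
                "https://app.example.com/home",
                "http://app.example.com/home",
                "https://user@app.example.com/",
                "https://other.example.net/",
                "/relative/path");
        for (String s : samples) {
            System.out.println(s + " -> "
                    + validate(s).map(URI::toString).orElse("rejected"));
        }
    }
}
```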