AAI vulnerabilities with CVE-2022-22970 and CVE-2022-22971
search cancel

AAI vulnerabilities with CVE-2022-22970 and CVE-2022-22971

book

Article ID: 384735

calendar_today

Updated On: 12-20-2024

Products

Automation Analytics & Intelligence

Issue/Introduction

The AAI v6.5.4 uses spring-core-5.3.19.jar which has the following vulnerabilities.

CVE-2022-22970
 

Environment

Product: Automation Analytics & Intelligence 6.5.4 or lower

Cause

N/A

Resolution

The two CVEs mentioned have been fixed as mentioned below.

CVE-2022-22970
https://spring.io/security/cve-2022-22970
CVE-2022-22971
https://spring.io/security/cve-2022-22971
 
 
 
 
From AAI v6.5.4 HF1, it is using spring-core v5.3.37, which is higher than the recommended fix v5.3.20. 
 
 
 
Please upgrade the AAI to v6.5.4 HF1 or to v24.