The user would like to know the impact of CVE-2024-22243 and CVE-2024-22262, i.e. the Spring Framework open redirect vulnerability.
NCM - 10.1.x/24.3.x
According to the NVD descriptions of CVE-2024-22243 and CVE-2024-22262, applications that use 'UriComponentsBuilder' to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack, or to an SSRF attack if the URL is used after passing validation checks. The impacted Spring Framework versions are 6.0.0 - 6.0.16, 6.1.0 - 6.1.3 and 5.3.0 - 5.3.31.
The latest NCM, i.e. 10.1.13, uses Spring Framework 5.3.28. NCM does not use 'UriComponentsBuilder', hence NCM is not impacted by this vulnerability.
NOTE: Spring Framework was upgraded to 6.5.x in the NCM 24.3.13 release; upgrade to 24.3.13 to get the fix.
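The same two-condition assessment (affected Spring Framework version AND use of 'UriComponentsBuilder') can be repeated for your own applications. The script below is an added example, not vendor code; the function names, verdict strings and sample Java source are constructed for illustration, and it only scans first-party source text passed to it.

```python
import re

# Affected Spring Framework ranges (inclusive), as listed in the text above.
AFFECTED = [((5, 3, 0), (5, 3, 31)), ((6, 0, 0), (6, 0, 16)), ((6, 1, 0), (6, 1, 3))]

# Whole-word match; comments are deliberately not stripped, so hits
# over-report rather than miss a reference.
CLASS_REF = re.compile(r"\bUriComponentsBuilder\b")

def parse_version(text):
    """'5.3.28' or '5.3.28.RELEASE' -> (5, 3, 28)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g) for g in m.groups())

def version_affected(text):
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def find_references(sources):
    """sources maps path -> Java source text; returns sorted (path, line) hits."""
    hits = []
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if CLASS_REF.search(line):
                hits.append((path, lineno))
    return sorted(hits)

def triage(version, sources):
    """Combine both conditions from the advisory into one verdict."""
    hits = find_references(sources)
    if not version_affected(version):
        return "version-outside-affected-ranges", hits
    if not hits:
        return "affected-version-class-not-referenced", hits
    # Each hit still needs a manual check: is the parsed host validated and
    # the URL then used for a redirect or an outbound request?
    return "review-host-validation", hits

# Constructed sample input, not taken from any real product.
SAMPLE = {
    "Redirect.java": "import org.springframework.web.util.UriComponentsBuilder;\n"
                     "class Redirect {\n"
                     "  String host(String u) {\n"
                     "    return UriComponentsBuilder.fromUriString(u).build().getHost();\n"
                     "  }\n"
                     "}\n",
    "Other.java": "class Other { }\n",
}

if __name__ == "__main__":
    print(triage("6.1.3", SAMPLE))
```

A verdict of "affected-version-class-not-referenced" covers only the source you scanned; third-party libraries that call the class are outside its view.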