Is TPX impacted by Java-based vulnerabilities?
For example:
Pivotal Spring Data REST and Spring Boot Vulnerability (CVE-2017-8046)
Pivotal Spring Framework Vulnerability (CVE-2018-1270)

TPX Session Mangement

TPX is assembler based and does not contain any 3rd party software. Thus, this does not affect TPX directly.

However, we cannot speak for TCP/IP, TN3270 Server and Client products customer may have. Spring Framework is common 3rd party software used by Java based products. Verify this with the vendors of your TN3270 clients that are used to access TPX.

If you to find out about a vulnerability, you can find details on the Current Vulnerabilities and Exposures (CVE) website:
Advanced Vulnerability Search