search cancel

CVE-2022-42889 and OI


Article ID: 252482


Updated On:


DX Operational Intelligence


CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022.  More information can be found at

The vulnerability is caused with the use of Apache Commons Text 1.5 through 1.9.  Is OI (Operational Intelligence) affected by this?


2022 10-25 One component was identified as vulnerable. 

The remediation plan is the following at this time:


1)     Include a fix in the 22.1 release with target GA date around mid-November.

2)     There will be no fix  on prior releases like 21.3.1.
SaaS :

1)     Refresh the environment with the fixin late October/early November.

2022-10-19: Broadcom Support and Engineering is looking into this on priority.  Please check back in this article regularly for updates.