CVE-2022-42889 was published in the National Vulnerability Database on 13 October,, 2022.  More information can be found here. 

The vulnerability is caused by the use of Apache Commons Text 1.5 through 1.9. 

Is CA Configuration Automation affected by this?

All versions of CA Configuration Automation (CA Configuration Automation)

2022-10-19: Broadcom Support and Engineering are looking into this on priority.  Please check back on this article regularly for updates.