DevTest Security Vulnerability for CVE-2022-22950

Article ID: 246681

Products

Service Virtualization

Issue/Introduction

Received a security vulnerability report from our Security Team via a Nessus scan report with the following:

Spring Framework < 5.2.20 / 5.3.x < 5.3.17 DoS (CVE-2022-22950)

Plugin Output: 
  Path              : /opt/CA/DevTest10.6/webserver/broker/solrservice/WEB-INF/lib/grails-spring-3.3.10.jar
  Installed version : 3.3.10
  Fixed version     : 5.2.20

  Path              : /opt/CA/DevTest10.6/webserver/phoenix/phoenix-10.6.0/WEB-INF/lib/grails-spring-3.3.10.jar
  Installed version : 3.3.10
  
Is there a patch to remedy this vulnerability for the 10.6 installation we are currently using?

Environment

Release : 10.6

Component : DevTest Vulnerability

Cause

Vulnerability

Resolution

Per engineering, this vulnerability is fixed in DevTest 10.7.2. The fix is complex and involves several other dependent jars, so it is difficult to backport to DevTest 10.6.0.

We suggest upgrading to DevTest 10.7.2 at this time.

DevTest 10.6.0 is EOS in March, 2023.