Summary & Key Actions Required
This CVE does not impact Avantra installations.
Related security articles:
CVE-20222-22963 & CVE-20222-22965 Summary
Please see this article for more information:
Impact to Avantra
This CVE is only a problem with applications that run in a Tomcat server and use at least Java 9. Avantra uses Java 8 and runs on a Jetty server. So the problem does not affect Avantra. The Avantra development team will be delivering an updated version of spring in an upcoming release as part of our normal update processes and customers are always encouraged to keep their Avantra servers up to date.
Impact on our customers
No action is required at this time.
|6th Apr 2022 @ 17:00 CET
|Initial Notice Published
We, at Avantra, take the security of our software and our customers very seriously and it is our top priority. We will keep you up to date as more information becomes available and encourage customers to subscribe to the security section of our forum to get proactive updates as we post them.