Summary & Key Actions Required



This CVE does not impact Avantra installations.


Related security articles:


CVE-2022-22963 & CVE-2022-22965 Summary

Please see this article for more information:


Impact to Avantra

This CVE only affects applications that run in a Tomcat server and use at least Java 9. Avantra uses Java 8 and runs on a Jetty server, so the problem does not affect Avantra. The Avantra development team will deliver an updated version of Spring in an upcoming release as part of our normal update process, and customers are always encouraged to keep their Avantra servers up to date.


Impact on our customers

No action is required at this time.



Change Log

6th Apr 2022 @ 17:00 CET - Initial Notice Published


We, at Avantra, take the security of our software and our customers very seriously and it is our top priority. We will keep you up to date as more information becomes available and encourage customers to subscribe to the security section of our forum to get proactive updates as we post them.