CVE-2022-22970 and CVE-2022-22971 spring-core vulnerabilities

Contributor

Our vulnerability scanning found these two vulnerabilities on our CDP Private Cloud 7.1.7-SP1, CVE-2022-22970 and CVE-2022-22971.  There are several versions of spring-core in the parcel, none of which are the recommended version:

./jars/spring-core-4.3.29.RELEASE.jar
./jars/spring-core-5.2.18.RELEASE.jar
./jars/spring-core-5.3.10.jar
./jars/spring-core-5.3.12.jar
./jars/spring-core-5.3.13.jar
./jars/spring-core-5.3.4.jar

Is CDP vulnerable to these vulnerabilities?

https://tanzu.vmware.com/security/cve-2022-22970

https://tanzu.vmware.com/security/cve-2022-22971

1 ACCEPTED SOLUTION

Rising Star

Hello @loubershad,

Currently available GA versions of CDP do not have the fix included for the mentioned CVEs (CVE-2022-22970 and CVE-2022-22971).

However, it is currently planned and should be available with the upcoming release of CDP.

Thank you!
