Our vulnerability scanning found these two vulnerabilities on our CDP Private Cloud 7.1.7-SP1, CVE-2022-22970 and CVE-2022-22971. There are several versions of spring-core in the parcel, none of which are the recommended version: ./jars/spring-core-4.3.29.RELEASE.jar ./jars/spring-core-5.2.18.RELEASE.jar ./jars/spring-core-5.3.10.jar ./jars/spring-core-5.3.12.jar ./jars/spring-core-5.3.13.jar ./jars/spring-core-5.3.4.jar Is CDP vulnerable to these vulnerabilities? https://tanzu.vmware.com/security/cve-2022-22970 https://tanzu.vmware.com/security/cve-2022-22971
... View more
