CVE ALERT: Do Spring Cloud Function & Spring Framework Vulnerabilities impact Enterprise Manager?
Answer: Oracle Enterprise Manager (EM) Cloud Control 13c product is not impacted by these vulnerabilities. These include:
- CVE-2022-22963 Spring Cloud Function is not used in Oracle Enterprise Manager (EM) Cloud Control 13c
- CVE-2022-22965 Spring Framework Vulnerability is impacted by the products using JDK 9 or higher version.
Important Note: Oracle Enterprise Manager (EM) Cloud Control 13c uses JDK7 and JDK8 depending on the EM version.
This is documented in:
- Impact Of CVE-2022-22963 (Spring Cloud Function) and CVE-2022-22965 (Spring Framework Vulnerability) On Oracle Enterprise Manager (EM) Cloud Control 13c (Doc ID 2860153.1)
Best Regards,
GordonO