Is CA PPM affected by the following multiple Spring Framework vulnerabilities? Does PPM use Spring Framework to be developed?
1) CVE-2018-1270: Remote Code Execution with spring-messaging
2) CVE-2018-1271: Directory Traversal with Spring MVC on Windows
3) CVE-2018-1272: Multipart Content Pollution with Spring Framework
4) CVE-2018-1273: RCE with Spring Data Commons
5) CVE-2018-1274: Denial of Service with Spring Data
The Spring Libraries stored under the lib folder of PPM install folder is used for testing PPM and not used by PPM itself. Also Spring Data Commons and Spring Data REST are not used in PPM. As a result, the above vulnerabilities do not impact PPM.