Do Spring Framework vulnerabilities impact PPM

Document ID : KB000095351
Last Modified Date : 12/10/2018
Question:
Is CA PPM affected by the following Spring Framework vulnerabilities? Was PPM developed using the Spring Framework?

1) CVE-2018-1270: Remote Code Execution with spring-messaging 
2) CVE-2018-1271: Directory Traversal with Spring MVC on Windows 
3) CVE-2018-1272: Multipart Content Pollution with Spring Framework 
4) CVE-2018-1273: RCE with Spring Data Commons 
5) CVE-2018-1274: Denial of Service with Spring Data 
Answer:
The Spring libraries stored under the lib folder of the PPM install folder are used for testing PPM and are not used by PPM itself. Spring Data Commons and Spring Data REST are also not used in PPM. As a result, the above vulnerabilities do not impact PPM.