
Are there plans to update the Spring framework within Crystal Reports

tbingeman
Explorer
0 Kudos

Are there plans to update the Spring framework within Crystal Reports to mitigate CVE-2022-2296?  The software is continually flagged by scanning systems to be vulnerable to this CVE especially if Java 9+ is installed on the system that CR 2020 is installed on.

Accepted Solutions (0)

Answers (1)

DonWilliams
Active Contributor

EDIT:

I'll get R&D to look into this but be aware SAP has its own version of Java, not the one belonging to Oracle.

A quick search finds no KBAs on that CVE.

Crystal Reports itself uses Java Scripts and doesn't use the Java engine itself.

In CR Designer click on Help... About and the more info button. You will see it only uses 2 Java processes and not java.exe.

R&D looked at the number and it's related to Chrome browser... not an issue.

Did you mean this one?

CVE-2022-22965

If so that one is on the schedule to be fixed...

And confirm with customer that CVE was flagged in browsing.war?

tbingeman
Explorer
0 Kudos
CVE-2022-22965 is what was supposed to be in the original question.
DonWilliams
Active Contributor
0 Kudos
Thanks, need you to confirm this also - "And confirm with customer that CVE was flagged in browsing.war?"
tbingeman
Explorer
0 Kudos
Yes, the CVE was flagged in browsing.war.
tbingeman
Explorer
0 Kudos
Can you tell me when the CVE will be fixed?
DonWilliams
Active Contributor
0 Kudos
It's scheduled for end of May but that can change if there are any ship killers. CR for VS is attached and built along with BOE Server and Crystal Reports Designer, so if any one of those has a delay, so does CR for VS.