4 weeks ago
Are there plans to update the Spring framework within Crystal Reports to mitigate CVE-2022-2296? The software is continually flagged by scanning systems to be vulnerable to this CVE especially if Java 9+ is installed on the system that CR 2020 is installed on.
EDIT:
I'll get R&D to look into this but be aware SAP has it's own version of Java, not the one belonging to Oracle.
A quick search finds no KBA's on that CVE.
Crystal Reports itself uses Java Scripts and doesn't use the Java engine itself.
In CR Designer click on Help... About and the more info button. You will see if only uses 2 Java processes and not java.exe.
R&D looked at the number and it's related to Chrome browser... not an issue.
Did you mean this one?
If so that one is on the schedule to be fixed...
And confirm with customer that CVE was flagged in browsing.war?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
82 | |
11 | |
10 | |
8 | |
7 | |
6 | |
6 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.