SAP Knowledge Base Article - Preview

3190652 - Spring Framework vulnerabilities - further information for BI 4.x

Symptom

Further information on the following Spring Framework vulnerabilities:

  • CVE-2010-1622 - impacted versions: SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 
  • CVE-2014-0054 - impacted versions: Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2
  • CVE-2013-4152 - impacted versions: Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1
  • CVE-2013-7315 - impacted versions: Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2
  • CVE-2022-22950 - impacted versions: Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions
  • CVE-2022-22965 - impacted versions: Spring MVC or Spring WebFlux application running on JDK 9+
  • CVE-2022-22963 - impacted versions: Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions



Environment

  • SAP BusinessObjects Business Intelligence (BI) Platform 4.x (4.2 / 4.3)
  • Spring Framework
  • Windows
  • Linux / Unix 

Product

SAP BusinessObjects Business Intelligence platform 4.2

Keywords

CVE-2010-1622 Spring Framework - Arbitrary code Execution
CVE-2014-0054 Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
CVE-2013-4152 XML eXternal Entity (XXE) injection in Spring Framework
CVE-2013-7315 XML External Entity (XXE) injection in Spring Framework
CVE-2022-22950 Spring Expression DoS Vulnerability
CVE-2022-22965 Spring Framework RCE via Data Binding on JDK 9+ Spring4Shell Zero-Day
CVE-2022-22963 Remote code execution in Spring Cloud Function by malicious Spring Expression
KBA, BI-BIP-DEP, Webapp Deployment, Networking, Vulnerabilities, Webservices, MOB-APP-BI-SRV, Mobile BI Server, Problem
