Data Protection Advisor: Spring Framework False Positive Security Vulnerability (CVE-2022-22950)
Summary: This article provides a list of security vulnerabilities that cannot be exploited on Data Protection Advisor versions-19.7,19.6,19.5,19.4,19.3,19.2,19.1,18.X or earlier, but which may be identified by security scanners. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Security Article Type
Security KB
CVE Identifier
CVE-2022-22950
Issue Summary
See the 'Recommendation' section below for details on each CVE.
Recommendations
The vulnerabilities listed in the table below are in order by the date on which Data Protection Advisor Engineering determined that the Data Protection Advisor versions 19.6,19.5,19.4,19.3,19.2,18.X were not vulnerable.
| Third-party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Spring Framework versions 5.3.0 - 5.3.16 | CVE-2022-22950 | In Spring Framework versions 5.3.0 - 5.3.16 and earlier unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. | DPA does not use affected SpEL expression class in the Source code. | 04 Jul 2022 |
Legal Disclaimer
Affected Products
Data Protection AdvisorArticle Properties
Article Number: 000201829
Article Type: Security KB
Last Modified: 19 Sep 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.