Security Vulnerability CVE-2022-22965 (Spring4Shell Zero-Day Vulnerability) and CVE-2022-22963 (Spring Cloud Function)


Vulnerability Description

CVE-2022-22965 (Spring4Shell): a Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The published exploit requires the application to run on Tomcat as a WAR deployment; if the application is deployed as a Spring Boot executable jar (the default), it is not vulnerable to that exploit, although the underlying weakness is more general and other exploitation paths may exist. The issue is fixed in Spring Framework 5.3.18 and 5.2.20.

CVE-2022-22963: Spring Cloud Function applications that use the routing functionality allow a user to supply a specially crafted SpEL expression as a routing expression, which may result in remote code execution and access to local resources. The issue is fixed in Spring Cloud Function 3.1.7 and 3.2.3.

Vulnerability Details

Publication Date: April 2022

Vulnerability Links: NVD - CVE-2022-22965 (https://nvd.nist.gov/vuln/detail/CVE-2022-22965), NVD - CVE-2022-22963 (https://nvd.nist.gov/vuln/detail/CVE-2022-22963)

NVD CVSS v3.1 Base Score: 9.8 (Critical) for both CVEs

Affected CTERA Products

  • No CTERA products are affected.

Analysis

CTERA classifies both CVE-2022-22965 and CVE-2022-22963 as having no impact on CTERA products. The CTERA Portal product does bundle spring-core-2.5.6.jar, but CTERA does not use the Spring MVC or Spring WebFlux modules. Those modules provide the HTTP request data-binding path through which a specially crafted request can bypass the property-binding protections in Spring Core and reach remote code execution; without them, the vulnerable request-handling path is not present in the product.
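The analysis above rests on a distinction that is easy to get wrong during triage: the presence of a spring-core jar on the classpath is not the same as exposure to the Spring4Shell exploit, which additionally needs Spring MVC or WebFlux data binding, JDK 9+ and a Tomcat WAR deployment. The following script is an added example written for this advisory, not CTERA tooling, that encodes exactly that reasoning over a jar inventory. It assumes Maven-style jar names (artifact-version[.QUALIFIER].jar), takes the fixed versions from the upstream Spring advisories (Spring Framework 5.3.18 / 5.2.20, Spring Cloud Function 3.2.3 / 3.1.7), and the inventories it runs on are constructed inputs.

```python
"""Jar-inventory triage for CVE-2022-22965 (Spring Framework) and
CVE-2022-22963 (Spring Cloud Function).

Added example for this advisory; not CTERA tooling. Fixed versions are
taken from the upstream Spring advisories. Jar names used as input are
constructed for illustration.
"""
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, ...]

# Maven-style jar name: <artifact>-<numeric version>[.QUALIFIER].jar
JAR_RE = re.compile(
    r"^(?P<artifact>[a-z][a-z0-9-]*?)-(?P<version>\d+(?:\.\d+)+)(?:\.[A-Za-z0-9]+)*\.jar$"
)

FRAMEWORK_ARTIFACTS = {"spring-core", "spring-beans", "spring-webmvc", "spring-webflux"}
WEB_ARTIFACTS = {"spring-webmvc", "spring-webflux"}  # the data-binding entry points
CLOUD_FUNCTION_ARTIFACTS = {"spring-cloud-function-context", "spring-cloud-function-web"}


def parse_version(text: str) -> Version:
    return tuple(int(part) for part in text.split("."))


def parse_jar(name: str) -> Optional[Tuple[str, Version]]:
    """Return (artifact, version) for a Maven-style jar name, else None."""
    match = JAR_RE.match(name)
    if not match:
        return None
    return match.group("artifact"), parse_version(match.group("version"))


def framework_patched(version: Version) -> bool:
    """CVE-2022-22965: 5.2.x fixed from 5.2.20, 5.3.x from 5.3.18.
    Older lines (such as 2.5.6) never received a fix."""
    if version[:2] == (5, 2):
        return version >= (5, 2, 20)
    return version >= (5, 3, 18)


def cloud_function_patched(version: Version) -> bool:
    """CVE-2022-22963: 3.1.x fixed from 3.1.7, 3.2.x from 3.2.3."""
    if version[:2] == (3, 1):
        return version >= (3, 1, 7)
    return version >= (3, 2, 3)


def fmt(version: Optional[Version]) -> Optional[str]:
    return None if version is None else ".".join(map(str, version))


def triage(jar_names: Iterable[str], jdk_major: int, tomcat_war: bool) -> Dict[str, object]:
    """Classify an inventory. jdk_major and tomcat_war come from the runtime,
    not from the jars, because the exploit depends on both."""
    fw_version: Optional[Version] = None
    cf_version: Optional[Version] = None
    web_module = False
    for name in jar_names:
        parsed = parse_jar(name)
        if parsed is None:
            continue
        artifact, version = parsed
        if artifact in FRAMEWORK_ARTIFACTS:
            # Track the oldest Framework jar seen: mixed versions are a finding too.
            fw_version = version if fw_version is None else min(fw_version, version)
            web_module = web_module or artifact in WEB_ARTIFACTS
        elif artifact in CLOUD_FUNCTION_ARTIFACTS:
            cf_version = version if cf_version is None else min(cf_version, version)

    fw_unpatched = fw_version is not None and not framework_patched(fw_version)
    cf_unpatched = cf_version is not None and not cloud_function_patched(cf_version)
    return {
        "framework_version": fmt(fw_version),
        # Unpatched spring-core still warrants an upgrade even when the known
        # exploit chain is incomplete; the weakness is more general than the exploit.
        "framework_needs_upgrade": fw_unpatched,
        "web_module_present": web_module,
        # Published Spring4Shell chain: unpatched Framework + MVC/WebFlux data
        # binding + JDK 9+ + Tomcat WAR deployment. Missing any link breaks it.
        "cve_2022_22965_exploit_path": fw_unpatched and web_module and jdk_major >= 9 and tomcat_war,
        "cloud_function_version": fmt(cf_version),
        "cve_2022_22963_exposed": cf_unpatched,
    }


if __name__ == "__main__":
    # Constructed inventory shaped like the advisory's own case: spring-core is
    # bundled, but no MVC/WebFlux module is present.
    sample = ["spring-core-2.5.6.jar", "log4j-core-2.17.1.jar", "README.txt"]
    for key, value in triage(sample, jdk_major=11, tomcat_war=True).items():
        print(f"{key}: {value}")
```

The report deliberately separates "needs upgrade" from "exploit path present": the first answers the patching question, the second the incident-response question. Note that the script reasons only about jars on disk; whether a module is actually wired into the request path, which is the basis of the analysis above, still has to be confirmed from the application's configuration.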

Workaround

No workaround is required.

Vulnerability Remediation