The Cygna Auditor and PBMS code bases are not susceptible to java vulnerabilities and exploits as they do not contain any java applications, containers, runtimes or libraries. As such, our solutions are not impacted by two high profile vulnerabilities related to different Spring projects that are actively being exploited, CVE-2022-22963 and CVE-2022-22965 (not yet published) by VMware though documented. Cygna Labs always takes the security of our solutions as a top priority and we incorporate reported security updates for dependencies as part of our regular release process.