The Xima® Formcycle Versions 6.4.0 through 6.6.13 contain a version of the Spring Framework that contains the CVE-2022-22965 vulnerability disclosed on March 31st, 2022.
Currently, we are not aware of any scenario where this vulnerability in Xima® Formcycle can be exploited. We still recommend to upgrade to Xima® Formcycle Version 6.6.14, which use a new version the Spring Framework that no longer contain these vulnerability.
Xima® Formcycle version 6 uses a version of Log4j that does not contain the vulnerabilities CVE-2021-44228 and CVE-2021-45046. Notes on their impact on the newer Xima® Formcycle versions 7.0.0 through 7.0.7 are located on the General Security Recommendations page in the Help for Xima® Formcycle version 7.