For IM&G products that are impacted by CVE-2022-22965 Spring4Shell, please see https://portal.microfocus.com/s/article/KM000005245
Retain is vulnerable. The patch to resolve this vulnerability is now available in the download area of the customer portal.