Have a look at some other products that may benefit you.
On March 31, 2022, vulnerabilities in the Spring Framework for Java were publicly disclosed. Microsoft is currently assessing the impact associated with these vulnerabilities. This blog is for customers looking for protection against exploitation and ways to detect vulnerable installations on their network of the critical remote code execution (RCE) vulnerability CVE-2022-22965 (also known as SpringShell or Spring4Shell).
Answer from Clarivate (EndNote)
The only thing we offer that uses JAVA is the “Capture Reference” applet, from the EndNote Online download page.
We don’t think that the Capture Reference applet is an issue, having read the issue.
It’s a simple algorithmic data-scraping tool, which then sends text data to EndNote.
Otherwise, EndNote doesn’t use JAVA.
Answer from QSR (NVivo)
NVivo products will not be affected by these bugs as they do not make use of Java.