We have evaluated CVE-2022-22963 and CVE-2022-22965, the "Springshell" vulnerability, and have determined that ConnectALL is not vulnerable. Details are posted on this page.

Is it possible to change only the user name in an existing application link?

It is not possible to change the user name in an existing application link. Only passwords for the configured user can be changed.