Is Identity Manager affected by this (CVE-2022-34169) vulnerability?
The Identity Manager application is not impacted by the vulnerabilities (CVE-2022-34169) that exist in xalan.jar.
CVE-2022-34169: The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169.
The xalan.jar cannot be removed--its code is used in several places unrelated to the CVE.
Let your security team know that the product is not susceptible to CVE-2022-34169 but the jar file is still required.
The open JDK project which includes a repackaged copy of xalan has addressed this issue.