Vulnerability 161731 detected in ITPAM server.
"Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass."
Plugin Output:
Path : C:\Program Files\CA\PAM\activemq\lib\optional\shiro-core-1.4.1.jar
Installed version : 1.4.1
Fixed version : 1.8.0
Path : C:\Program Files\CA\PAM\activemq\lib\optional\shiro-spring-1.4.1.jar
Installed version : 1.4.1
Fixed version : 1.8.0
Release : 4.3.X
Component : Process Automation
The reported jars belong to ActiveMQ component used by ITPAM.
These jars are optional jars and not required for ITPAM.
The Upcoming major release ITPAM 4.4 will be having the version "1.9.0" as:
shiro-core-1.9.0
shiro-spring-1.9.0
As a workaround, these jars can be deleted from the installation location:
C:\Program Files\CA\PAM\activemq\lib\optional\