
CVE-2022-40664 Apache Shiro < 1.10.0 Authentication Bypass when forwarding via RequestDispatcher


Article ID: 254111


Products

CA Workload Automation AE

Issue/Introduction

Please confirm whether the applications below are impacted by the vulnerability CVE-2022-40664:

WCC  - 11.4 SP7

EEM - 12.6

Autosys - 11.3.6 SP8

Environment

Release : 11.3.6.SPX, R12.X

Resolution

Autosys: Apache Shiro is not used by the AutoSys Scheduler, AutoSys Application Server, AutoSys Web Server, AutoSys Client, or Agent components.

EEM: EEM does not use Apache Shiro.

WCC: WCC uses the Shiro library for test purposes only. For authentication and authorization, it depends on EEM. We plan to clean up some of these unwanted libraries in future releases.