The following vulnerabilities have been reported for CA Agile Requirements Designer:
Agile Requirements Designer Hub 3.2.5, 3.2.7, 3.3
Agile Requirements Designer Studio is not affected by Spring vulnerabilities, and customers who do not use ARD Hub are not impacted.
Agile Requirements Designer Hub is vulnerable to the multiple Spring vulnerabilities. The ARD Hub development team has completed the fixes for the hub at this time.
These fixes contain the below:
Please note, there is no change in keycloak setup.
Please refer to the Agile Requirements Designer documentation:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/devops/agile-requirements-designer/3-3/installing/install-ard-hub/install-ard-hub-manually.html
This will follow the same steps as 3.3 released artifacts.
For customers that are running the older 3.2.0 release of ARD Hub should upgrade to ARD Hub 3.2.5 or 3.2.7 and apply the provided fix.