The cyber security team has detected vulnerabilities in the IDM paths. Please let us know how to remediate this vulnerability.
/opt/CA/jboss-eap-7.4/standalone/deployments/iam_im.ear/management_console.war/WEB-INF/lib/struts2-core-2.5.30.jar
/opt/CA/jboss-eap-7.4/standalone/tmp/vfs/deployment/deployment84b3cbdea5e5b69/struts2-core-2.5.30.jar-c4c43ad1b3cea8f2/struts2-core-2.5.30.jar
Release: 14.4
CVE-2023-34149: Security updates available for Apache Struts
Engineering advises that this is a medium-severity vulnerability (CVSS 6.5) involving the allocation of resources without limits, which can lead to denial of service.
The Struts library is used by the Identity Manager Management Console, an administrator-privileged console that only administrators can access. It is local to your network and, per our analysis, there is no harm to the application.
Identity Manager is not susceptible to the reported vulnerability.