CVE-2023-2422 Red Hat Keycloak Improper Certificate Validation Remote Client Spoofing

Article ID: 272199


Products

Service Virtualization

Issue/Introduction

CVE-ID: CVE-2023-2422 (https://access.redhat.com/security/cve/cve-2023-2422)
When a Keycloak server is configured to support mTLS authentication for OAuth/OpenID clients, it does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients.

Environment

Release : 10.7.2

Resolution

IAM is not affected by this vulnerability, as we are not using mTLS authentication in DevTest/IAM communications.

Conclusion: This vulnerability does not affect the Identity Access Manager.
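The resolution above rests on the claim that no mTLS client authentication is in use. The following check, added here as an example and not part of the original article or of Keycloak, reads the client list as returned by the Keycloak admin REST endpoint GET /admin/realms/{realm}/clients and reports every confidential client whose authenticator is the X.509 one (provider id `client-x509`), which is the configuration CVE-2023-2422 depends on. The client list below is constructed sample data.

```python
"""Report Keycloak clients that authenticate with mTLS (X.509 client
certificates), the precondition for CVE-2023-2422.

Input: the JSON array from GET /admin/realms/{realm}/clients (fetch it with
any HTTP client and an admin bearer token). The sample is constructed so the
script runs offline."""
import json

# Keycloak provider id of the X.509 client authenticator.
X509_AUTHENTICATOR = "client-x509"

# Constructed sample admin API output (not real realm data).
SAMPLE_CLIENTS_JSON = """
[
  {"clientId": "account", "publicClient": true,
   "clientAuthenticatorType": "client-secret"},
  {"clientId": "billing-api", "publicClient": false,
   "clientAuthenticatorType": "client-x509",
   "attributes": {"x509.subjectdn": "CN=billing-api,O=Example"}},
  {"clientId": "reports-api", "publicClient": false,
   "clientAuthenticatorType": "client-x509",
   "attributes": {"x509.subjectdn": "CN=reports-api,O=Example"}},
  {"clientId": "legacy-cli", "publicClient": false,
   "clientAuthenticatorType": "client-secret"}
]
"""

def load_clients(text):
    """Parse the admin API response into a list of client representations."""
    return json.loads(text)

def find_mtls_clients(clients):
    """Return (clientId, expected subject DN pattern) for each confidential
    client using X.509 client auth. Public clients perform no client
    authentication and are skipped. The subject DN attribute is the pattern
    Keycloak matches against the presented certificate; it says nothing about
    whether the certificate chain was validated, which is the CVE's point."""
    hits = []
    for c in clients:
        if c.get("publicClient"):
            continue
        if c.get("clientAuthenticatorType") == X509_AUTHENTICATOR:
            subject = c.get("attributes", {}).get("x509.subjectdn", "")
            hits.append((c["clientId"], subject))
    return hits

def realm_uses_mtls(clients):
    """True when at least one client relies on mTLS client authentication,
    i.e. the realm is in scope for CVE-2023-2422 until the server is fixed."""
    return bool(find_mtls_clients(clients))

if __name__ == "__main__":
    clients = load_clients(SAMPLE_CLIENTS_JSON)
    for client_id, subject in find_mtls_clients(clients):
        print(f"{client_id}: mTLS client auth, expected subject {subject!r}")
    print("realm uses mTLS:", realm_uses_mtls(clients))
```

An empty result across all realms is the evidence that supports a "not affected" conclusion like the one in this article; any hit means the Keycloak server itself must be updated.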