We are conducting security vulnerability scans of our IdM product implementation.
We have discovered that the following libraries have serious vulnerabilities registered against them.
We have also verified that they still exist in the 14.5.
When will newer versions of the jar files be available and incorporated into the release?
The quartz jar is 2.3.2. It is subject to the following CVE: CVE-2023-39017
After review by our Level 2 team for this issue, it has been determined that CVE-2023-39017 talks about quartz-jobs 2.3.2.jar
this jar is not being used by IM. IM uses quartz-2.3.2.jar this is not Vulnerable.
this class "org.quartz.jobs.ee.jms.SendQueueMessageJob" is present in quartz-jobs 2.3.2.jar but not quartz-2.3.2.jar
So CVE-2023-39017 does not have impact on IM .