CA Identity Manager Vulnerability struts2-core-2.5.31.jar - CVE-2023-41835

Article ID: 280202

Updated On:

Products

CA Identity Manager

Issue/Introduction

In IM 14.4, a customer reported that <JBoss_home>standalone/deployments/iam_im.ear/management_console.war/WEB-INF/lib/struts2-core-2.5.31.jar is vulnerable.

Environment

IM 14.4

Cause

CVE-2023-41835

Resolution

Identity Manager does not set struts.multipart.saveDir in its Struts configuration, and the Identity Manager Management Console makes no multipart requests: all data is strictly text, with no support for images, videos, or any other binary data. Identity Manager is therefore not vulnerable to CVE-2023-41835. In any case, the existing Struts libraries are planned to be upgraded in the upcoming release 14.5.1.
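
The configuration condition stated above can be checked on a deployment. The following is an added example, not Broadcom's code: it walks an exploded WAR directory and reports the struts2-core JAR versions it finds and any uncommented struts.multipart.saveDir setting in .xml or .properties files. The function names and the sample directory tree are constructed for illustration, and the scan does not look inside JAR files.

```python
import re
import tempfile
from pathlib import Path

KEY = "struts.multipart.saveDir"
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)\.jar$")

def active_settings(path):
    """Return uncommented lines in one config file that mention KEY."""
    text = path.read_text(errors="replace")
    if path.suffix == ".xml":
        # Drop XML comments so a commented-out <constant> is not reported.
        text = re.sub(r"<!--.*?-->", "", text, flags=re.S)
        return [ln.strip() for ln in text.splitlines() if KEY in ln]
    # .properties: lines starting with '#' or '!' are comments.
    return [ln.strip() for ln in text.splitlines() if ln.strip().startswith(KEY)]

def audit_webapp(war_dir):
    """Return (struts2-core versions, [(relative file, line)]) for an exploded WAR."""
    root = Path(war_dir)
    versions, hits = [], []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        jar = JAR_RE.match(path.name)
        if jar:
            versions.append(jar.group(1))
        elif path.suffix in (".xml", ".properties"):
            rel = path.relative_to(root).as_posix()
            hits += [(rel, ln) for ln in active_settings(path)]
    return versions, hits

def make_sample(root, set_savedir):
    """Constructed stand-in for management_console.war (not real product files)."""
    web_inf = Path(root) / "WEB-INF"
    (web_inf / "lib").mkdir(parents=True)
    (web_inf / "classes").mkdir()
    (web_inf / "lib" / "struts2-core-2.5.31.jar").write_bytes(b"")
    constant = f'<constant name="{KEY}" value="/tmp/uploads"/>'
    body = constant if set_savedir else f"<!-- {constant} -->"
    (web_inf / "classes" / "struts.xml").write_text(f"<struts>\n  {body}\n</struts>\n")
    (web_inf / "classes" / "struts.properties").write_text(f"# {KEY}=/tmp\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp, set_savedir=False)
        versions, hits = audit_webapp(tmp)
        print("struts2-core versions:", versions)
        print(f"{KEY} settings:", hits or "none found")
```

On a server, pass the exploded management_console.war directory under the JBoss deployments folder to audit_webapp instead of the sample tree.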

Additional Information

Defect#DE591782