Local security scan shows the following CVEs
Identity Suite 14.x
JQueryUI version 1.12.1
The scan results are caused by JQueryUI version 1.12.1. IGA version 14.4 and 14.5 currently use this JQueryUI version. L2 has confirmed the backend code. IGA is not vulnerable to the CVEs with JQueryUI version 1.12.1. IGA does not use the vulnerable functions and they are not accessible to be exploited.
The current JQueryUI version used, 1.12.1 has been confirmed not vulnerable in our current 14.4 and 14.5 releases. The vulnerable functions are not used and not exploitable.
JQueryUI version 1.13.2 is under review for a future release of V15.