Outdated Spring Framework libraries in Workpoint and Connector Xpress 2.0

Article ID: 368275

Products

CA Identity Suite

Issue/Introduction

Spring framework

We found outdated Spring Framework libraries, versions 4.0.7 and 5.2.5, in the following applications:

  • Version 4.0.7 is included in the Workpoint designer, specifically in wpPPCO.war and wpWebframe.war. According to the Maven repository, this version is from September 2014. It is known to contain a number of security vulnerabilities.
  • Version 5.2.5 of Spring Beans is included in Connector Xpress 2.0 (connxp.war). This version was released in 2020, but it also contains several high-priority vulnerabilities.

Please ensure replacement of the outdated and vulnerable versions with a newer version (>=5.2.25 or >=5.3.34; there is no acceptable candidate in the 4.x.x version of the framework).

Environment

Identity Manager 14.4 / 14.5

Resolution

Spring Framework libraries are updated in Identity Manager release v14.5.1.
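
To confirm which Spring Framework JARs a deployed WAR actually bundles, before or after the upgrade, the archive can be inspected directly. The script below is an added example, not Broadcom or CA tooling. It assumes the JARs use the standard spring-<module>-<version>.jar naming, and it reads the version floor above as: 5.2.x must be at least 5.2.25, and every other line must be at least 5.3.34.

```python
import io
import re
import sys
import zipfile

# Spring Framework modules only (spring-security etc. version separately).
MODULES = ("aop|aspects|beans|context|context-support|core|expression|"
           "instrument|jcl|jdbc|jms|messaging|orm|oxm|tx|web|webflux|"
           "webmvc|websocket")
JAR_RE = re.compile(
    r"(?:^|/)(spring-(?:%s))-(\d+)\.(\d+)\.(\d+)(?:[.-][\w.]+)?\.jar$" % MODULES)


def is_acceptable(version):
    """Article's floor, as read here: 5.2.x >= 5.2.25, otherwise >= 5.3.34."""
    if version[:2] == (5, 2):
        return version >= (5, 2, 25)
    return version >= (5, 3, 34)


def scan_war(war):
    """List (entry, version, acceptable) for Spring JARs in a WAR path/file."""
    findings = []
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():  # nested archives are not opened
            m = JAR_RE.search(name)
            if m:
                version = tuple(int(x) for x in m.group(2, 3, 4))
                findings.append((name, version, is_acceptable(version)))
    return sorted(findings)


def build_sample_war(jar_names):
    """Constructed input: an in-memory WAR holding empty JAR entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for jar in jar_names:
            zf.writestr("WEB-INF/lib/" + jar, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    outdated = False
    for path in sys.argv[1:]:  # e.g. wpPPCO.war wpWebframe.war connxp.war
        for name, version, ok in scan_war(path):
            outdated |= not ok
            print(path, name, version, "ok" if ok else "OUTDATED")
    sys.exit(1 if outdated else 0)
```

Run it with the WAR paths as arguments; a non-zero exit status means at least one bundled Spring Framework JAR is below the floor. File-name versions can be misleading if a JAR was renamed or shaded, so treat a clean result as a first check rather than proof.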