Apache Tomcat vulnerability CVE-2024-34750 and the Identity Suite


Article ID: 372417


Updated On:

Products

CA Identity Governance CA Identity Manager CA Identity Portal CA Identity Suite Identity Manager MF

Issue/Introduction

Is the Symantec IGA Identity Suite software vulnerable to Apache Tomcat vulnerability CVE-2024-34750?

Environment

Broadcom Symantec IGA Identity Suite Software

Resolution

The Broadcom Symantec IGA Identity Suite software is not vulnerable to Apache Tomcat vulnerability CVE-2024-34750.

The Virtual Appliance does include an Apache HTTP server that acts as a proxy to route internal communications, but the Apache HTTP server is not impacted by this vulnerability.

Connector Xpress 2.0 bundles Tomcat 9.0.64 as part of Spring Boot but does not use the HTTP headers required to make this vulnerability exploitable.
Engineering is working on updating Connector Xpress 2.0 to the 9.090 Apache Tomcat release. A hotfix will be released once completed.



If the Symantec IGA JasperReports Server is deployed, it may be running on an Apache Application Server. You will need to review the JasperReports Server deployment to determine whether it is running on a vulnerable version of Apache Tomcat and, if so, upgrade Tomcat to the latest version where this is addressed.

