Spring Framework Vulnerability CVE-2024-38809 - impact on DX UIM

Article ID: 380270

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

A security scan has flagged DX UIM for a potential vulnerability in Spring Framework 5.3.37, CVE-2024-38809. Is there a way to remediate this vulnerability?

Environment

DX UIM 23.4.2 and prior

Resolution

DX UIM is not vulnerable to this specific attack, even though the affected version of Spring Framework is in use.

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable, but DX UIM does not perform these operations.

We are aware that security scanners may still report the vulnerability, so Spring Framework will be updated in the normal course of an upcoming release of DX UIM.

Additional Information