CVE-2024-38819 in IGA Suite
search cancel

CVE-2024-38819 in IGA Suite

book

Article ID: 386068

calendar_today

Updated On:

Products

CA Identity Governance CA Identity Manager CA Identity Portal CA Identity Suite

Issue/Introduction

CVE-2024-38819 being reported. Is IGA affected by this?  

https://spring.io/security/cve-2024-38819

 

Environment

Identity Manager/Identity Governance/Identity Portal 14.5

Cause

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Resolution

CVE-2024-38819 vulnerability does not impact IGA and there are no plans to update the version of Spring jars in IGA 14.5 version but is planned to be updated as part of the next IGA 15.

Powered by Wolken Software