The CVE security vulnerabilities listed below were reported in the Advanced Authentication environment. Is the Advanced Authentication product vulnerable to CVE-2024-22243, CVE-2024-22262, CVE-2024-38808 and CVE-2024-38819?
The affected spring-web jar was found at the following locations (for reference):
<App Server Home>/tmp/vfs/deployment/deployment6488f388d47c432b/spring-web-5.3.29.jar-b4aafb98341faa72/spring-web-5.3.29.jar
<App Server Home>/tmp/vfs/deployment/deployment6488f388d47c432b/spring-web-5.3.29.jar-c00a9ae5517d1814/spring-web-5.3.29.jar
<App Server Home>/tmp/vfs/temp/temp2df7c8fbd3d6dde3/content-c4d09229fe599e9e/WEB-INF/lib/spring-web-5.3.29.jar
<App Server Home>/tmp/vfs/temp/temp2df7c8fbd3d6dde3/content-fba09dc6a0d548b8/WEB-INF/lib/spring-web-5.3.29.jar
Release: 9.1 SP1.xx.xx (9.1.5 CP1)
Component: CA Advanced Authentication (Strong Authentication and Risk Authentication)
The Advanced Auth product team has already addressed three of these CVEs (CVE-2024-22243, CVE-2024-22262, CVE-2024-38808) in the 9.1.5 CP1 release.
It is recommended to upgrade to the 9.1.5 CP1 release to resolve these 3 vulnerabilities.
------
On April 30th, 2025, the SE Engineering team released a Hotfix/PATCH to address the "CVE-2024-38819" vulnerability.
CVE-2024-38819 is addressed as part of that Hotfix. It required a Spring Framework upgrade, and we have upgraded Spring to 5.3.42, which addresses that vulnerability.
This is a patch applied on top of the 9.1.5.1 release.
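A practical way to verify whether the hotfix-level Spring Web version is actually in place is to scan the application server's vfs/deployment and vfs/temp trees for spring-web jars and compare each jar's version against 5.3.42, the version named above. The script below is an added example, not code from this KB article or from the Advanced Authentication product; it reads Implementation-Version from each jar's MANIFEST.MF (falling back to the version in the file name), and the directory layout it builds is a constructed sample imitating the paths listed above, not the real deployment identifiers.

```python
import os
import re
import tempfile
import zipfile

# Spring Web version the hotfix upgraded to, per the KB text above.
HOTFIX_SPRING_WEB_VERSION = (5, 3, 42)

# Matches exploded-deployment jar names such as spring-web-5.3.29.jar
JAR_NAME_RE = re.compile(r"^spring-web-(\d+)\.(\d+)\.(\d+)\.jar$")


def parse_version(text):
    """Extract the first x.y.z version from text as a comparable tuple, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def manifest_version(jar_path):
    """Read Implementation-Version from META-INF/MANIFEST.MF; None if absent or unreadable."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            data = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return None
    for line in data.splitlines():
        if line.lower().startswith("implementation-version:"):
            return parse_version(line.split(":", 1)[1])
    return None


def find_spring_web_jars(root):
    """Return (path, version, source) for every spring-web jar under root.

    The manifest is preferred because a file name can be stale or renamed;
    source records which of the two was used.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = JAR_NAME_RE.match(name)
            if not m:
                continue
            path = os.path.join(dirpath, name)
            version = manifest_version(path)
            source = "manifest"
            if version is None:
                version = tuple(int(x) for x in m.groups())
                source = "filename"
            findings.append((path, version, source))
    return findings


def outdated_jars(root, minimum=HOTFIX_SPRING_WEB_VERSION):
    """Jars whose version is below the hotfix version; these still need the patch."""
    return [f for f in find_spring_web_jars(root) if f[1] < minimum]


def build_sample_tree(root):
    """Constructed sample tree (hypothetical ids, not the KB's real deployment hashes)."""
    layout = {
        # vulnerable jar with a manifest
        "tmp/vfs/deployment/deploymentSAMPLE/spring-web-5.3.29.jar-SAMPLE1/spring-web-5.3.29.jar": "5.3.29",
        # vulnerable jar whose manifest lacks a version: file-name fallback
        "tmp/vfs/temp/tempSAMPLE/content-SAMPLE/WEB-INF/lib/spring-web-5.3.29.jar": None,
        # jar at the hotfix level
        "tmp/vfs/deployment/deploymentSAMPLE/spring-web-5.3.42.jar-SAMPLE2/spring-web-5.3.42.jar": "5.3.42",
    }
    for rel, version in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            if version is None:
                zf.writestr("org/placeholder.txt", "")
            else:
                zf.writestr("META-INF/MANIFEST.MF",
                            f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
    return root


def run_sample_scan():
    """Build the constructed tree in a temp dir and return the outdated jars found."""
    root = build_sample_tree(tempfile.mkdtemp())
    return outdated_jars(root)


if __name__ == "__main__":
    # On a real system replace the sample root with <App Server Home>/tmp/vfs.
    for path, version, source in run_sample_scan():
        print(f"NEEDS PATCH: {path} (spring-web {'.'.join(map(str, version))}, via {source})")
```

Point the scan at the real <App Server Home>/tmp/vfs directory rather than the sample tree; any jar reported as below 5.3.42 indicates a deployment that has not picked up the hotfix, which is worth checking since the same jar appears in several extracted copies under both deployment and temp.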
Kindly go through the below KB article for the required PATCH and deployment steps.
------
Document reference:
Third-party software vulnerabilities in Advanced Authentication 9.1 SP5 CP1 (9.1.5.1)
https://knowledge.broadcom.com/external/article?articleNumber=395756