A vulnerability CVE-2024-4028 was found in Keycloak that is used by DevTest in IAM component. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console leading to a stored cross-site scripting (XSS) attack.

DevTest IAM

Keycloak Vulnerability

CVE-2024-4028 does not apply to DevTest. This vulnerability is related to Resource and Permissions in Keycloak.

While Keycloak has yet to come out with a fix, this does not apply to Service Virtualization since Resource and Permissions are disabled in Service Virtualization's Keycloak.

Hence, it is recommended to take the security exception for this vulnerability identified in DevTest