CVE-2025-48924: Apache Commons Lang vulnerability in Siteminder Policy Server and AdminUI



Article ID: 407747


Products

SITEMINDER
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On Agents (SiteMinder)

Issue/Introduction

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: commons-lang:commons-lang versions 2.0 through 2.6, and org.apache.commons:commons-lang3 versions 3.0 before 3.18.0. Apache Commons Lang is present in both the Policy Server and the AdminUI.

Environment

All Siteminder releases prior to 12.9.1

Resolution

Use Apache Commons Lang 3.18.0 or higher. Contact Broadcom support for a dev fix for the Policy Server if you are running 12.9 or lower. For the AdminUI, no fix is currently available because Apache Commons Lang is provided via Wildfly, and Wildfly has not issued any fixes for the 24.x version that the 12.8.x and 12.9 AdminUI use. This vulnerability will therefore be addressed in the 12.9.1 release of the AdminUI.
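To confirm which Commons Lang jars on a Policy Server or AdminUI host (including the Wildfly modules bundled with the AdminUI) fall inside the affected ranges above, here is an added inventory check; it is example code written for this article, not a Broadcom or Siteminder tool, and it assumes jar file names carry the version (e.g. commons-lang3-3.17.0.jar) and that the install root is passed on the command line.

```python
import re
import sys
from pathlib import Path

# Affected ranges as stated in the advisory (CVE-2025-48924):
#   commons-lang  2.0 through 2.6  (every 2.x release)
#   commons-lang3 3.0 up to, but not including, 3.18.0
FIXED_LANG3 = (3, 18, 0)
JAR_NAME = re.compile(r"^(commons-lang3?)-(\d+(?:\.\d+)*)[^/]*\.jar$")

def parse_version(text):
    """'3.17.0' -> (3, 17, 0); '2.6' -> (2, 6, 0). Only the numeric prefix is compared."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(artifact, version):
    """True when this artifact/version pair falls inside an affected range."""
    v = parse_version(version)
    if artifact == "commons-lang":
        return (2, 0, 0) <= v < (3, 0, 0)
    if artifact == "commons-lang3":
        return (3, 0, 0) <= v < FIXED_LANG3
    return False

def classify_jar_name(name):
    """Return (artifact, version, affected) for a Commons Lang jar file name, else None."""
    m = JAR_NAME.match(name)
    if not m:
        return None
    artifact, version = m.group(1), m.group(2)
    return artifact, version, is_affected(artifact, version)

def scan(root):
    """Walk an install tree (Policy Server, or the AdminUI's bundled Wildfly modules)
    and list every Commons Lang jar with its verdict."""
    results = []
    for jar in Path(root).rglob("commons-lang*.jar"):
        hit = classify_jar_name(jar.name)
        if hit:
            results.append((str(jar),) + hit)
    return results

if __name__ == "__main__":
    # Assumed usage: python check_commons_lang.py <install-root>; defaults to the current dir.
    for path, artifact, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if affected else 'ok      '} {artifact} {version}  {path}")
```

An AFFECTED line under the AdminUI's Wildfly modules is expected on 12.8.x and 12.9 until 12.9.1 ships, per the resolution above; an AFFECTED line under the Policy Server is what the support dev fix addresses.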