Third-party software vulnerabilities in Advanced Authentication 9.1 SP5 CP1 (9.1.5.1) - Part#2

Article ID: 414198

Products

  • CA Advanced Authentication

  • CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort)

  • CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

When a vulnerability scan is run against Advanced Authentication, the scanner reports the CVEs listed below. This article provides information on the hotfix, which includes updates addressing a few security vulnerabilities.

The following vulnerabilities have been assessed and are addressed as part of this hotfix:

| Impact | CVE | Artifact | Existing Version |
|---|---|---|---|
| Critical | CVE-2019-17495 | org.webjarsswagger-ui | 3.0.19 |
| Major | CVE-2015-0254 | jstl | 1.2 |
| Major | sonatype-2022-6438 | jackson-core | 2.13.3 |
| Moderate | sonatype-2025-000535 | gson | 2.9.0 |
| Moderate | CVE-2024-47855 | json-lib | 2.4 |
| Moderate | CVE-2024-12798 | logback-core | 1.5.11 |
| Moderate | CVE-2024-21742 | apache-mime4j-core | 0.7.2 |
| Moderate | CVE-2024-47554 | commons-io | 2.11.0 |
| Major | CVE-2025-48734 | commons-beanutils | 1.9.4 |
| Major | CVE-2025-48976 | commons-fileupload | 1.5 |
| Moderate | CVE-2025-48924 | commons-lang3 | 3.2.1 |
| Moderate | sonatype-2025-001911 | bcprov-jdk18on | 1.78 |

The patch is intended for environments running Advanced Authentication 9.1 SP5 CP1 (version 9.1.5.1) only.

Environment

Advanced Authentication 9.1 SP5 CP1 (version 9.1.5.1) 

Resolution

Patch Availability

The Symantec Advanced Authentication product team has released a hotfix on top of 9.1.5.1 that addresses the vulnerabilities listed above.

  • Patch Name: AdvancedAuth-9.1.5.1-Sep2025-Hotfix

  • Download Location: KB attachment.

  • Applicable To:

    • Advanced Authentication version 9.1 SP5 CP1 (9.1.5.1)

    • Note: This patch is not compatible with versions below 9.1.5.1

Next Steps

  • Customers on version 9.1.5.1 are encouraged to download and apply the hotfix to address the vulnerabilities listed above.

  • If you require assistance with patch application or testing in lower environments, please reach out to Broadcom Support.
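
A post-hotfix check, added here as an example (it is not Broadcom tooling): it walks an installation directory and lists jars, loose or bundled inside WAR/EAR/ZIP files, whose file names still match an artifact and "Existing Version" pair from the table above. It assumes the usual `<artifact>-<version>[-classifier].jar` file naming and that the swagger-ui entry ships as `swagger-ui-<version>.jar`.

```python
import io, re, sys, zipfile
from pathlib import Path

# Artifact -> "Existing Version" from the article's table. Assumption: jar file
# names follow <artifact>-<version>[-classifier].jar, and "swagger-ui" is the
# jar name of the org.webjars swagger-ui entry.
FLAGGED = {
    "swagger-ui": "3.0.19", "jstl": "1.2", "jackson-core": "2.13.3",
    "gson": "2.9.0", "json-lib": "2.4", "logback-core": "1.5.11",
    "apache-mime4j-core": "0.7.2", "commons-io": "2.11.0",
    "commons-beanutils": "1.9.4", "commons-fileupload": "1.5",
    "commons-lang3": "3.2.1", "bcprov-jdk18on": "1.78",
}
JAR_RE = re.compile(r"(?P<name>.+?)-(?P<ver>\d[\w.]*)(?:-[\w.]+)?\.jar", re.I)
ARCHIVES = (".war", ".ear", ".zip")

def flagged(filename):
    """Return (artifact, version) when a jar name is an exact flagged build."""
    m = JAR_RE.fullmatch(filename)
    if m and FLAGGED.get(m["name"].lower()) == m["ver"]:
        return m["name"].lower(), m["ver"]
    return None

def scan_archive(data, label):
    """Yield findings for jars inside an archive, recursing into nested ones."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        for entry in zf.namelist():
            base = entry.rsplit("/", 1)[-1]
            if hit := flagged(base):
                yield (f"{label}!{entry}", *hit)
            elif base.lower().endswith(ARCHIVES):
                yield from scan_archive(zf.read(entry), f"{label}!{entry}")

def scan_tree(root):
    """Return sorted (location, artifact, version) findings under root."""
    found = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        if hit := flagged(path.name):
            found.append((str(path), *hit))
        elif path.suffix.lower() in ARCHIVES:
            found.extend(scan_archive(path.read_bytes(), str(path)))
    return sorted(found)

if __name__ == "__main__":
    for location, artifact, version in scan_tree(sys.argv[1] if sys.argv[1:] else "."):
        print(f"{artifact} {version}\t{location}")
```

The match is on file names only, so a jar that was renamed or repackaged without its version in the name is not detected; a repeat run of the vulnerability scanner remains the confirming check.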

Additional Information

To download AdvancedAuth-9.1.5.1-April2025-Hotfix, please refer to: https://broadcomcms-software.wolkenservicedesk.com/external/article?articleNumber=395756

Attachments

Symantec-AdvAuth-9.1.5.1-DE639643-HotFix.zip