Identity Governance uses Eclipse BIRT version 4.8.0 or earlier, in which an attacker can use query parameters to create a JSP file that is remotely accessible.
Standalone Identity Governance 14.5 SP1 CHF1, EAP 7.4
CVE-2021-34427
If the customer is not using the legacy report, do the following:
1. On the machine where Identity Governance is installed, navigate to JBOSS_HOME\Standalone\deployments.
2. Stop the Identity Governance Server.
3. Take a backup of the viewer.war and viewer.war.deployed files in some other location.
4. After taking the backup, delete the viewer.war and viewer.war.deployed files from the JBOSS_HOME\Standalone\deployments folder.
5. Start the Identity Governance Server.
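
Steps 3 and 4 scripted in PowerShell, as an added example that is not part of the original advisory. It assumes JBOSS_HOME is set as an environment variable and uses a hypothetical default backup path; run it after step 2, while the server is stopped.

```powershell
# Added example: back up, verify, then remove the BIRT viewer deployment files.
# Assumptions: JBOSS_HOME is an environment variable; the default $BackupDir
# is a hypothetical path. Run between step 2 (stop) and step 5 (start).
param(
    [string]$JBossHome = $env:JBOSS_HOME,
    [string]$BackupDir = 'C:\Backup\birt-viewer'   # hypothetical location
)
$ErrorActionPreference = 'Stop'

if (-not $JBossHome) { throw 'JBOSS_HOME is not set; pass -JBossHome.' }
$deployments = Join-Path $JBossHome 'Standalone\deployments'
if (-not (Test-Path -LiteralPath $deployments -PathType Container)) {
    throw "Deployments folder not found: $deployments"
}

# The backup must not live inside the folder the deployment scanner watches.
$deployFull = [IO.Path]::GetFullPath($deployments).TrimEnd('\') + '\'
$backupFull = [IO.Path]::GetFullPath($BackupDir).TrimEnd('\') + '\'
if ($backupFull.StartsWith($deployFull, [StringComparison]::OrdinalIgnoreCase)) {
    throw 'Backup folder must be outside the deployments folder.'
}
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($name in 'viewer.war', 'viewer.war.deployed') {
    $src = Join-Path $deployments $name
    if (-not (Test-Path -LiteralPath $src -PathType Leaf)) {
        Write-Warning "$name is not present as a file; skipping."
        continue
    }
    $dst = Join-Path $BackupDir $name
    Copy-Item -LiteralPath $src -Destination $dst -Force
    # Delete the original only after the copy is confirmed byte-identical.
    $srcHash = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) { throw "Backup of $name does not match the original." }
    Remove-Item -LiteralPath $src -Force
    Write-Output "Backed up and removed $name"
}

# Report any remaining viewer.war* entries so they can be reviewed manually.
$left = Get-ChildItem -LiteralPath $deployments -Filter 'viewer.war*'
if ($left) { Write-Warning "Still present: $($left.Name -join ', ')" }
else { Write-Output "No viewer.war files remain in $deployments" }
```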