During a scan using CrowdStrike Exposure Management of our 24.0.01 Autosys instance, the following CVE was detected:
Security vulnerability CVE-2020-10650 detected in the file:
webserver/webapps/AEWS/WEB-INF/lib/jackson-core-asl-1.9.13.jar
Our version of Autosys is LINUX ORA 24.0 01
How do we mitigate this CVE?
AutoSys 24.0.01 and earlier
Third-party vulnerability
The AutoSys Web Service does not have a direct dependency on the Jackson component.
It is used indirectly through the Jersey component.
According to the vulnerability details, exploitation occurs only when ignite-jta (Apache) or quartz-core is in use, and AutoSys uses neither of them.
Therefore, AutoSys 24.0 SP1 is not impacted by CVE-2020-10650.
Additionally, AutoSys 24.1 and later versions include the latest 2.x version of the Jackson component, which does not have this vulnerability.
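To confirm the statement above on your own host, the following added example (not Broadcom's code) inventories the Jackson jars under a web application directory and checks whether jars for the two libraries named above are deployed alongside them. The function names and the jar file-name patterns (`jackson-*.jar`, `ignite-jta*.jar`, `quartz*.jar`) are assumptions; matching is by file name only.

```shell
#!/bin/sh
# Added example: inventory check for the libraries named in the advisory.
# Assumption: jars keep their conventional file names; renamed or shaded
# copies would not be matched by these patterns.

# List Jackson jars under a directory (recursive).
find_jackson_jars() {
    find "$1" -type f -iname 'jackson-*.jar' 2>/dev/null | sort
}

# List jars for the libraries the advisory names as required for exploitation.
find_prerequisite_jars() {
    find "$1" -type f \( -iname 'ignite-jta*.jar' -o -iname 'quartz*.jar' \) \
        2>/dev/null | sort
}

# Returns 0 if neither library is deployed, 1 if one is found (review needed),
# 2 if the directory does not exist.
check_cve_2020_10650_exposure() {
    lib_dir=$1
    if [ ! -d "$lib_dir" ]; then
        echo "ERROR: $lib_dir is not a directory"
        return 2
    fi

    jackson=$(find_jackson_jars "$lib_dir")
    prereq=$(find_prerequisite_jars "$lib_dir")

    echo "Jackson jars found:"
    echo "${jackson:-  (none)}"

    if [ -n "$prereq" ]; then
        echo "REVIEW: libraries named in the advisory are present:"
        echo "$prereq"
        return 1
    fi
    echo "OK: no ignite-jta or quartz jars under $lib_dir"
    return 0
}

# Usage (replace <install root> with your AutoSys installation directory):
#   check_cve_2020_10650_exposure "<install root>/webserver/webapps/AEWS/WEB-INF/lib"
```

A return code of 1 means one of the named jars is on disk and the deployment needs a closer look; it does not by itself show that the library is loaded or reachable.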