Third-party software vulnerabilities in Advanced Authentication 9.1 SP5 CP1 (9.1.5.1) - Part#3

Article ID: 431613

Products

CA Strong Authentication

Issue/Introduction

When a vulnerability scan is run against Advanced Authentication, the scanner reports the CVEs listed below. This article provides information on the cumulative fix, which includes updates addressing a few security vulnerabilities.

The following vulnerabilities have been assessed and are addressed as part of this hotfix:

| S.No. | Impact | CVE | Artifact | Existing Version | Version in 9.1.5.2 |
|---|---|---|---|---|---|
| 1 | Critical | CVE-2019-17495 | org.webjars:swagger-ui | 3.0.19 | 5.7.14 |
| 2 | Major | CVE-2015-0254 | jstl | 1.2 | taglibs-standard-spec:1.2.5, taglibs-standard-impl:1.2.5 |
| 3 | Major | sonatype-2022-6438 | jackson-core | 2.13.3 | 2.19.1 |
| 4 | Moderate | sonatype-2025-000535 | gson | 2.9.0 | 2.13.1 |
| 5 | Moderate | CVE-2024-47855 | json-lib | 2.4 | json-20250517 |
| 6 | Moderate | CVE-2024-12798 | logback-core | 1.5.11 | 1.3.15 |
| 7 | Moderate | CVE-2024-21742 | apache-mime4j-core | 0.7.2 | 0.8.12 |
| 8 | Moderate | CVE-2024-47554 | commons-io | 2.11.0 | 2.19.0 |
| 9 | Major | CVE-2025-48734 | commons-beanutils | 1.9.4 | 1.11.0 |
| 10 | Major | CVE-2025-48976 | commons-fileupload | 1.5 | 1.6.0 |
| 11 | Moderate | CVE-2025-48924 | commons-lang3 | 3.2.1 | 3.18.0 |
| 12 | Moderate | sonatype-2025-001911 | bcprov-jdk18on | 1.78 | 1.81 |
| 13 | | | tomcat-tribes | 11.0.0-M26 | 11.0.15 |
| 14 | | | tomcat-juli | 11.0.0-M26 | 11.0.15 |
| 15 | | | spring-framework | 5.3.39 | 5.3.46 |
| 16 | | | log4j-core | 2.17.1 | 2.25.3 |
| 17 | | | log4j-api | 2.17.1 | 2.25.3 |
| 18 | | | log4j-1.2-api | 2.17.1 | 2.25.3 |


The patch is intended for environments running Advanced Authentication 9.1 SP5 CP2 (version 9.1.5.2) only.

Environment

Advanced Authentication 9.1 SP5 CP2 (version 9.1.5.2)

Resolution

Release Availability

The Symantec Advanced Authentication product team has released version 9.1.5.2, which addresses the vulnerabilities listed above.

  • Release Name: AdvancedAuth-9.1.5.2

  • Applicable To:

    • Advanced Authentication version 9.1 SP5 CP2 (9.1.5.2)

Next Steps

  • Customers on version 9.1.5.1 are encouraged to download and apply the 9.1.5.2 release to address the vulnerabilities listed above.

  • If you require assistance with the upgrade or with testing in lower environments, please reach out to Broadcom Support.

Additional Information

To download the AdvancedAuth-9.1.5.2 release, refer to: https://knowledge.broadcom.com/external/article?articleNumber=188284