Below is the list of vulnerabilities identified in the Advanced Authentication components:
| CVE Record Information | Affected Components and Fixed Versions | Fixed version |
| --- | --- | --- |
| Apache Log4j 2.x < 2.17.0 DoS<br>CVE-2021-45105 | `<tomcat_home>/webapps/arcotafm/WEB-INF/lib/ca-push-connector-1.0.jar`<br>Installed version: Log4j 2.11.2 | Log4j 2.12.3 / 2.17.0 |
| Apache Log4j 2.0-beta9 < 2.25.3 MitM<br>CVE-2025-68161 | `<ARCOT_HOME>/sampleApplications/samlsampleapp.war`<br>`<ARCOT_HOME>/sampleApplications/insuranceapp.war`<br>`<ARCOT_HOME>/sampleApplications/customapp.war`<br>`<ARCOT_HOME>/sampleApplications/bankapp.war`<br>`<ARCOT_HOME>/adapterStateManager/mysql/arcotsm.war`<br>`<ARCOT_HOME>/adapterStateManager/mssql/arcotsm.war`<br>`<ARCOT_HOME>/adapterStateManager/oracle/arcotsm.war`<br>`<ARCOT_HOME>/adapterAFM/arcotafm.war`<br>`<tomcat_home>/webapps/arcotafm.war`<br>`<tomcat_home>/arcotafm/WEB-INF/lib/log4j-core-2.17.0.jar`<br>`<tomcat_home>/webapps/arcotafm/WEB-INF/lib/ca-push-connector-1.0.jar`<br>Installed version: Log4j 2.17.0<br>Installed version: Log4j 2.11.2 | Log4j 2.25.3 |
| Apache Commons FileUpload < 1.6, 2.0.0-M1 < 2.0.0-M4 Denial of Service (CVE-2025-48976)<br>CVE-2025-48976 | `<tomcat_home>/webapps/arcotafm/WEB-INF/lib/commons-fileupload-1.3.3.jar` | Commons-FileUpload-1.6 |
| Spring Framework 5.3.x < 5.3.45 / 6.1.x < 6.1.23 / 6.2.x < 6.2.11 Annotation Detection Vulnerability (CVE-2025-41249)<br>CVE-2025-41249 | `<tomcat_home>/webapps/SMSProxy/WEB-INF/lib/spring-core-5.3.39.jar` | Spring Framework 5.3.45 |

Symantec Advanced Authentication 9.1.5.1
These vulnerabilities are addressed as part of the Symantec Advanced Authentication 9.1.5.2 patch. Please upgrade to address these vulnerabilities.