The customer noticed the following vulnerabilities during a security scan:

CVE-2022-24785 /opt/CA/Directory/management-ui/node_modules/emailjs/node_modules/moment
CVE-2022-24785 /opt/CA/Directory/management-ui/node_modules/moment

Product: CA Directory
Component: Management UI
Affected Versions: 14.1 SP5 and earlier (including out-of-support versions like 14.1 SP3)

To remediate CVE-2022-24785, follow these steps:

Identify Current Version: Confirm the exact version and Service Pack (SP) level of CA Directory currently in use.

Upgrade: Upgrade CA Directory to version 14.1 SP7.

Verify Library Version: The 14.1 SP7 release includes an updated version of the moment.js library (version 2.29.4), which is not affected by this CVE.

Rescan: Rerun the security scan after the upgrade to confirm the issue is no longer reported.