SSD 7.0.2 detected vulnerabilities blocked by security scanning

fionali · March 27, 2025, 2:08am

Has anyone been using SSD 7.0.2 to setup the IdentityIQ but detected vulnerabilities blocked by security scanning?

Are the following packages in use or can be removed? Can advise how to remove from the package if not required?

ssd-v7.0.2.zip
Detected vulnerabilities:

bcprov-jdk18on-1.71.jar - CVE-2024-30171
bsh-2.0b4.jar - CVE-2016-2510
commons-compress-1.23.0.jar - CVE-2024-26308
commons-io-2.13.0.jar - CVE-2024-47554
tomcat-catalina-ant-7.0.14.jar - CVE-2013-4590

enistri_devo · March 27, 2025, 7:29am

those jar are librery util for the beanshell and java, depending how you install IIQ could be util or not. In everycase you can update to the last version to resolve the vulnerabilities

fionali · March 28, 2025, 1:51am

Is there a newer version ssd package that has the latest jar packages? Or do you mean updating individual jar packages?

enistri_devo · March 28, 2025, 7:07am

this, because i think 7.0.2 is the last version