Introscope Java Agent 10.7 CVE Security Vulnerability


Article ID: 141142




CA Application Performance Management Agent (APM / Wily / Introscope)
CA Application Performance Management (APM / Wily / Introscope)
INTROSCOPE
DX Application Performance Management



Release : 10.7.0

Component : APM Agents


Not applicable to Wily Java Agent 


Per Engineering, the two problems below are applicable to the agent, since no other referred jars/components/binaries (PDF report) were found in the agent classpath or folder.

Of these, only Guava 19.0 has a vulnerability with a CVE number, CVE-2018-10237. Analysis of the vulnerability found that Guava allocates unbounded memory based on user input data.
This is a false positive for the agent, because the agent doesn't take any values from the user/end user other than the properties file, which is managed by the administrator.

The other one, commons-compress, has sonatype-2018-0293, which doesn't have any publicly available details with which to analyze the vulnerability.

Threat Level   Problem Code          Component
6              sonatype-2018-0293    org.apache.commons : commons-compress : 1.9
5              CVE-2018-10237        : guava : 19.0
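
One way to repeat the classpath/folder check described above on your own agent install, as an added example (not Broadcom's tooling and not part of the original article). It assumes the jars carry Maven `pom.properties` metadata and matches on artifact and version only; the function names and the sample jars built in `demo()` are constructed for illustration.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Findings from the report table on this page, keyed by (artifactId, version).
FLAGGED = {("commons-compress", "1.9"): "sonatype-2018-0293",
           ("guava", "19.0"): "CVE-2018-10237"}

def maven_coords(jar_bytes, depth=0):
    """Yield (artifactId, version) from every pom.properties, including nested jars."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(jar_bytes))
    except zipfile.BadZipFile:
        return  # corrupt or non-zip file named .jar: skip it, keep scanning
    with zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                props = dict(ln.split("=", 1) for ln in zf.read(name).decode("latin-1").splitlines()
                             if "=" in ln and not ln.startswith("#"))
                yield props.get("artifactId", "").strip(), props.get("version", "").strip()
            elif name.endswith(".jar") and depth < 3:  # library bundled inside another jar
                yield from maven_coords(zf.read(name), depth + 1)

def scan_agent_dir(root):
    """Return (relative jar path, artifactId, version, finding) for each hit."""
    hits = []
    for path in sorted(p for p in Path(root).rglob("*.jar") if p.is_file()):
        for coord in maven_coords(path.read_bytes()):
            if coord in FLAGGED:
                hits.append((str(path.relative_to(root)), *coord, FLAGGED[coord]))
    return hits

def make_jar(entries):  # in-memory jar from {entry name: content}, for the demo only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Constructed agent folder: one clean jar, one jar bundling guava 19.0."""
    pom = "#Generated\nversion=19.0\ngroupId=example.group\nartifactId=guava\n"
    inner = make_jar({"META-INF/maven/example.group/guava/pom.properties": pom})
    jars = {"agent-bundle.jar": make_jar({"lib/guava.jar": inner}),
            "clean.jar": make_jar({"a/B.class": b"\x00"})}
    with tempfile.TemporaryDirectory() as root:
        for fn, data in jars.items():
            Path(root, fn).write_bytes(data)
        return scan_agent_dir(root)
```

Jars that were repackaged without Maven metadata will not be reported by this check, so an empty result should be confirmed against file names and bundled class packages as well.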