Java Agent and commons-compress and Guava and the vulnerable classes with CVEs

book

Article ID: 144112

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management

Issue/Introduction

Java Agent and commons-compress and Guava and the vulnerable classes with CVEs.

Cause

The Guava library that the agent uses, is loaded by our own custom class loader. Thus, it is not accessible by the application. 

Environment

Release : 10.7.0

Component : APM Agents

Resolution

The Guava library that the APM Java Agent uses, are loaded by our custom class loader and hence won’t be accessible by the application.

If the application uses some utilities from the Guava library, they have to use its own copy/version where the CVE's have been addressed.