Some third party libraries used in Dollar Universe Java products ( UVMS, UVC, Reporter , DUX, Manager for Java) contain some known vulnerabilities.
Security Scan tools like Nessus, Jfrog Xray or similar may raise some High Alerts.
Release : 6.10
Component : DOLLAR UNIVERSE
Product: Java based Components only
Recently discovered vulnerabilities in the version of the Third Party Libraries shipped within some Dollar Universe Components
Update to a fix version listed below or a newer version if available.
Fix version(s):
Component: All Java-Based Components (UVMS, UVC, Reporter, DUX, Dollar Universe WebServices, and Manager for Java)
Dollar Universe 6.10.41 - Released 15th July 2020
UVMS, UVC, Reporter, DUX, Dollar Universe WebServices, and Manager for Java use third party libraries with known vulnerabilities.
The following libraries have been replaced or upgraded to fix these vulnerabilities:
xstream.jar
poi.jar
derby.jar
derbytools.jar
derbynet.jar
derbyclient.jar
spring-beans.jar
spring-context.jar
spring-jms.jar
spring-tx.jar
spring-aop.jar
spring-jdbc.jar
spring-orm.jar
spring-aspects.jar
spring-core.jar
spring-web.jar
commons-beanutils.jar
commons-collections.jar
dom4j.jar
batik.jar