DUAS: Vulnerabilities on Third Party jars delivered within Java Components


Article ID: 193091


Products

CA Automic Dollar Universe

Issue/Introduction

Some third-party libraries used in Dollar Universe Java products (UVMS, UVC, Reporter, DUX, Manager for Java) contain known vulnerabilities.

Security scanning tools such as Nessus, JFrog Xray or similar may raise High alerts.

Cause

Vulnerabilities were recently discovered in the versions of the third-party libraries shipped within some Dollar Universe components.

Environment

Release: 6.10

Component: DOLLAR UNIVERSE

Product: Java based Components only

Resolution

Update to a fix version listed below or a newer version if available.

Fix version(s):
Component: All Java-Based Components (UVMS, UVC, Reporter, DUX, Dollar Universe WebServices, and Manager for Java)
Dollar Universe 6.10.41 - Released 15th July 2020

Additional Information

UVMS, UVC, Reporter, DUX, Dollar Universe WebServices, and Manager for Java use third party libraries with known vulnerabilities.

The following libraries have been replaced or upgraded to fix these vulnerabilities:
xstream.jar
poi.jar
derby.jar
derbytools.jar
derbynet.jar
derbyclient.jar
spring-beans.jar
spring-context.jar
spring-jms.jar
spring-tx.jar
spring-aop.jar
spring-jdbc.jar
spring-orm.jar
spring-aspects.jar
spring-core.jar
spring-web.jar
commons-beanutils.jar
commons-collections.jar
dom4j.jar
batik.jar
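
To check which copies of the libraries listed above are present on a host, before and after the update, the following added example (not code from Broadcom or from the product) walks an installation directory and reports each matching jar with the version recorded in its manifest. The directory argument, and the assumption that shipped file names may carry a version suffix, are assumptions rather than facts from this article.

```python
import re
import sys
import zipfile
from pathlib import Path

# Library names taken from the list in this article (without the .jar suffix).
REPLACED_LIBS = {
    "xstream", "poi", "derby", "derbytools", "derbynet", "derbyclient",
    "spring-beans", "spring-context", "spring-jms", "spring-tx", "spring-aop",
    "spring-jdbc", "spring-orm", "spring-aspects", "spring-core", "spring-web",
    "commons-beanutils", "commons-collections", "dom4j", "batik",
}

# Assumption: a file may be named "<lib>.jar" or "<lib>-<version>.jar".
NAME_RE = re.compile(r"^(?P<lib>.+?)(?:-(?P<ver>\d[\w.]*))?\.jar$", re.IGNORECASE)


def manifest_version(jar_path):
    """Return Implementation-Version or Bundle-Version from the jar manifest, if any."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile, OSError):
        return None  # no manifest, or not a readable archive
    main = re.split(r"\r?\n\r?\n", text, maxsplit=1)[0]  # main section only
    attrs = {}
    for line in main.splitlines():
        key, sep, value = line.partition(": ")
        if sep and not line.startswith(" "):  # skip continuation lines
            attrs[key.lower()] = value.strip()
    return attrs.get("implementation-version") or attrs.get("bundle-version")


def inventory(root):
    """List every jar under root whose name matches a library from the article."""
    found = []
    for path in sorted(Path(root).rglob("*.jar")):
        m = NAME_RE.match(path.name)
        if m and m.group("lib").lower() in REPLACED_LIBS:
            # Prefer the manifest; fall back to the file-name suffix.
            version = manifest_version(path) or m.group("ver") or "unknown"
            found.append((m.group("lib").lower(), version, str(path)))
    return found


if __name__ == "__main__":
    for lib, version, path in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{lib}\t{version}\t{path}")
```

Run it against the component's installation directory before and after the update and compare the two listings; any path whose version is unchanged is a copy the update did not replace.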