Apache vulnerability for Spectrum


Article ID: 195844


Products

CA Spectrum, CA eHealth

Issue/Introduction

CVE-2020-9484

CVE-2019-10072

CVE-2019-0199

CVE-2020-9484

CVE-2020-11996

The above CVEs are showing up in scans as vulnerable on Spectrum 10.4.0 and 10.4.1.

Environment

Release : 10.4

Component : Spectrum Core / SpectroSERVER

Resolution

CVE-2020-9484 - Spectrum does not use Persistent Manager and is therefore not vulnerable.

CVE-2019-10072, CVE-2019-0199 - Vulnerable; fixed in 10.4.2

CVE-2020-9484 - Not vulnerable

CVE-2020-11996 - Vulnerable but fixed in 10.5.0, where we will upgrade to Tomcat 9.0.37+

Our suggestion is to upgrade to 10.4.2 for now to address the first 2. The 3rd is a non-issue and the 4th will be resolved in the future.

10.5.0 has a tentative release date of end of year 2020.
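The CVE-2020-9484 assessment above rests on Tomcat not being configured with Persistent Manager. The following added example (not Broadcom's code) checks a Tomcat `server.xml` or `context.xml` for an active `PersistentManager` with a `FileStore`, the configuration that CVE applies to. The sample XML is constructed, and this article does not give the location of Spectrum's Tomcat configuration files, so they are passed as arguments.

```python
import sys
import xml.etree.ElementTree as ET

STANDARD = "org.apache.catalina.session.StandardManager"  # Tomcat's default
PERSISTENT = "org.apache.catalina.session.PersistentManager"
FILESTORE = "org.apache.catalina.session.FileStore"

# Constructed samples, not Spectrum's shipped configuration.
SAMPLE_COMMENTED = """<Context>
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
  <!-- <Manager className="org.apache.catalina.session.PersistentManager">
         <Store className="org.apache.catalina.session.FileStore"/>
       </Manager> -->
</Context>"""
SAMPLE_PERSISTENT = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""


def audit_session_managers(xml_text):
    """Return one finding per active <Manager> element in the given XML."""
    findings = []
    # ElementTree drops XML comments, so a commented-out <Manager> is ignored
    # (a plain text search for "PersistentManager" would flag it).
    for mgr in ET.fromstring(xml_text).iter("Manager"):
        cls = mgr.get("className", STANDARD)
        stores = [s.get("className", "") for s in mgr.findall("Store")]
        findings.append({
            "manager": cls,
            "persistent": cls == PERSISTENT,
            "file_store": FILESTORE in stores,
            "value_filter": mgr.get("sessionAttributeValueClassNameFilter"),
        })
    return findings


def uses_persistent_filestore(xml_text):
    """True when the PersistentManager + FileStore combination is configured."""
    return any(f["persistent"] and f["file_store"]
               for f in audit_session_managers(xml_text))


if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. conf/server.xml conf/context.xml
        with open(path, encoding="utf-8") as fh:
            hit = uses_persistent_filestore(fh.read())
        print(f"{path}: {'REVIEW: PersistentManager with FileStore' if hit else 'no PersistentManager/FileStore'}")
```

Per-application `META-INF/context.xml` files can also declare a `<Manager>`, so run the check over those as well as the global configuration.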