search cancel

DUAS: Security alerts High on Java Components 6.10.41 and superior

book

Article ID: 199684

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

Security tool  JFrog Xray version 2.8.9 launched against Dollar Universe Java Components on 6.10.41 detects several Severity High alerts (basically all related to the Manager for Java that uses OpenSource Common Libraries).

Here is the list of the libraries to change/upgrade:

  • log4j-1.2.15.jar
  • xercerImpl-2.6.2.jar
  • jasperreports-4.0.1.jar
  • commons-httpclient-3.0.1.jar
  • bcprov-jdk16.jar

Environment

Release : 6.x

Product: DOLLAR UNIVERSE

Subcomponents: all Java Based Components( UVMS, UVC, Reporter, DUX, Manager for Java)

Cause

Outdated common source jars used by Dollar Universe Java Based Components.

Resolution

Update to a fix version listed below or a newer version if available.

Fix version(s): 
Component: UVMS, UVC, Reporter, DUX, Manager for Java
Dollar Universe 6.10.61 - Scheduled January 2021