TDM 4.8+ Java Upgrade

Article ID: 204186

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

 

We are seeing the following Java vulnerability reported on our Datamaker servers. We show the following components:

  • FDM 4.8.162
  • GTEDI 4.7.0.2
  • GT Datamaker 4.7.40

However, one of the servers is shown to have AdoptOpenJDK 1.8.0_212 installed, so that system could be running TDM 4.8+. Would upgrading to TDM 4.9.1 resolve the reported vulnerability?

 

CVE Numbers: CVE-2019-2894, CVE-2019-2933, CVE-2019-2945, CVE-2019-2949, CVE-2019-2958, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2977, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2996, CVE-2019-2999, CVE-2019-11068

Description: The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :

    • 2DLibraries
    • Kerberos
    • Networking
    • JavaFX
    • Hotspot
    • Scripting
    • Javadoc
    • Deployment
    • Concurrency
    • JAXP
    • Serialization
    • Security

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

 

Solution: Upgrade to Oracle JDK / JRE 13 Update 1, 11 Update 5, 8 Update 231 / 7 Update 241 or later. If necessary, remove any affected versions.

Environment

Release: 4.9.1

Component: CA Test Data Manager

Resolution

Currently, TDM 4.9.1 also installs the same AdoptOpenJDK release. Therefore, Product Development has agreed to convert this to an Enhancement Request (US715972), which will be delivered in an undetermined future release of TDM.
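
The scan finding above is a comparison of the self-reported Java version against the fixed releases it lists, so the same check can be run against any bundled runtime to see whether an upgrade would clear it. The following is an added example, not code from Broadcom or Nessus; the function names and the sample `java -version` output are constructed for illustration.

```python
import re

# Fixed releases from the scan finding: release line -> (minor, update) that clears it.
FIXED = {7: (0, 241), 8: (0, 231), 11: (0, 5), 13: (0, 1)}

LEGACY = re.compile(r"^1\.(\d+)\.\d+(?:_(\d+))?")    # 1.8.0_212 style (Java 8 and older)
MODERN = re.compile(r"^(\d+)(?:\.(\d+)\.(\d+))?")    # 11.0.4 style (Java 9 and newer)

# Constructed sample of `java -version` output for the build named in the article.
SAMPLE = 'openjdk version "1.8.0_212"\nOpenJDK Runtime Environment (build 1.8.0_212-b03)\n'


def parse_java_version(text):
    """Return (major, (minor, update)) from a version string or `java -version` output."""
    quoted = re.search(r'version "([^"]+)"', text)
    ver = quoted.group(1) if quoted else text.strip()
    m = LEGACY.match(ver)            # must be tried first: "1.8.0" also fits MODERN
    if m:
        return int(m.group(1)), (0, int(m.group(2) or 0))
    m = MODERN.match(ver)
    if not m:
        raise ValueError(f"unrecognised Java version string: {ver!r}")
    return int(m.group(1)), (int(m.group(2) or 0), int(m.group(3) or 0))


def scanner_verdict(text):
    """Reproduce the version-only comparison; nothing is actually tested."""
    major, rest = parse_java_version(text)
    if major > max(FIXED):
        return "not flagged"               # newer than every release line in the finding
    if major not in FIXED:
        return "no fixed release listed"   # e.g. 9, 10, 12: the finding names no fix
    return "flagged" if rest < FIXED[major] else "not flagged"


if __name__ == "__main__":
    for v in (SAMPLE, "1.8.0_231", "11.0.4", "13.0.1"):
        print(repr(v.splitlines()[0]), "->", scanner_verdict(v))
```

Because 4.9.1 installs the same 1.8.0_212 runtime, the verdict for that build is unchanged by the TDM upgrade.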