ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

DX Spectrum : CVE-2021-25329 About the vulnerability

book

Article ID: 212708

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

Apache Tomcat has published a vulnerability information for CVE-2021-25329.

(1) Does the above vulnerability apply to Spectrum 10.4.1 (Oneclick)?

(2) Does the above vulnerability apply to CABI 7.1.1?

Cause

At this moment we use Apache Tomcat/8.5.30 for CABI 7.1.1.

We will be upgraded to 9.0.43 tomcat in the next release where this vulnerability is fixed.

Apache Tomcat has published a vulnerability information for CVE-2021-25329.

 

Environment

Release : 10.4.1

Component : Spectrum Core / SpectroSERVER

Resolution

The Apache Tomcat has been updated to 8.5.64.0

See steps below how to install new CABI 7.1.1

- Install CABI 7.1.1 SP1 on a new server
- Migrate (export/import) the reports from the old CABI 7.1.1 server

(1) YES, the above vulnerability apply to Spectrum 10.4.1 (Oneclick).

(2)   Install CABI 7.1.1 SP1 on a new server

Additional Information

 Q) Is it possible to run setup.sh and change 7.1.1 to 7.1.1 SP1?
A. No. Just install on a new server. Then migrate (export/import) the reports from the old CABI 7.1.1 server