ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Java Security Vulnerability found for DX NetOps Performance Management

book

Article ID: 212761

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

Security scan found vulnerabilities in the OpenJDK Java version DX NetOps Performance Management is using, Java 1.8.0_222.

The Vulnerability is fixed in the following Java versions:

  • 1.7.0_241
  • 1.8.0_231
  • 1.11.0_5
  • 1.13.0_1

How can this be resolved, and what other DX NetOps Performance Management releases are impacted?

Cause

Java Vulnerability in the DX NetOps Performance Management releases r20.2.1 through r20.2.7 which use OpenJDK Java version 1.8.0_222.

This version of Java is used by all DX NetOps Performance Management server components including:

  • Data Repository
  • Data Aggregator
  • Data Collector
  • Performance Center

Fault Tolerant Data Aggregator Consul Proxy hosts are not affected.

Environment

DX NetOps Performance Management releases r20.2.1 through r20.2.7

Resolution

Upgrade to the latest versions of DX NetOps Performance Management.

The OpenJDK Java version was first updated to 1.8.0.275 in the r20.2.8 release.

The current r20.2.9 release uses OpenJDK Java version 1.8.0.282.