Vulnerability CVE-2018-10237 - AWI jar files (guava.jar)

book

Article ID: 223428

calendar_today

Updated On:

Products

CA Automic One Automation

Issue/Introduction

The following vulnerability was found with the AWI and guava.jar files

CVE-2018-10237 - https://nvd.nist.gov/vuln/detail/CVE-2018-10237 - automic.ert.jar:lib/guava.jar, automic.repository.jar:lib/guava.jar, automic.rest.jar:lib/guava.jar, automic.rest.server.jar:lib/guava.jar, automic.sso.jar:lib/guava.jar, automic.tasks.jar:lib/guava.jar, org.eclipse.osgi/xx/x/.cp/lib/guava.jar - affects versions between 11.0 and 24.x before 24.1.1

Cause

Medium risk/impact vulnerability with 3rd party .jar file

Environment

Release : 12.3

Component : AUTOMATION ENGINE

Resolution

As CVE-2018-10237 (guava.jar) is a medium risk vulnerability, this will not be fixed in 12.3 or future releases.  If there's a specific use case that can be shown that presents a security risk, please open a case with Support with steps to reproduce and impact of the security risk and a fix can be re-visited.