Vulnerability CVE-2020-7226 - AWI cryptacular.jar files

book

Article ID: 223435

calendar_today

Updated On:

Products

CA Automic One Automation

Issue/Introduction

The following vulnerability was found with the AWI and cryptacular.jar vulnerabilities:

CVE-2020-7226 - https://nvd.nist.gov/vuln/detail/CVE-2020-7226 - automic.sso.jar:lib/cryptacular.jar, org.eclipse.osgi/xx/x/.cp/lib/cryptacular.jar - affects version 1.2.3

Cause

High risk/impact vulnerability with 3rd party .jar file

Environment

Release : 12.3

Component : AUTOMATION ENGINE

Resolution

This will be resolved in a future release of 12.3 and version 21.  It will be resolved by using an upgraded version of cryptacular.jar