We referred to the doc below and updated accordingly for the Log4j vulnerabilities. However, after a recent VA scan, we observed the VA points below.
https://knowledge.broadcom.com/external/article?articleId=230391
App | OS | Title | Severity | Type |
CA Data Aggregator | RHEL 7.3 | Apache Log4j 1.2 Remote Code Execution Vulnerability | 3 | Log4j |
CA Data repository | RHEL 7.3 | Oracle Java SE Critical Patch Update - October 2021 (CPUOCT2021) | 3 | Java |
CA Data repository | RHEL 7.3 | Oracle Java SE Critical Patch Update - July 2021 (CPUJUL2021) | 3 | Java |
CA Data collector | RHEL 7.3 | Apache Log4j 1.2 Remote Code Execution Vulnerability | 3 | Log4j |
CA Performance Center | RHEL 7.3 | Apache Log4j 1.2 Remote Code Execution Vulnerability | 3 | Log4j |
Release : 21.2
Component : Virtual Network Assurance For CA Performance Management
The product team is looking to move to Java 11.0.11_9 for PC in 21.2.8 (which will also include log4j2 2.17.1).
DA in 21.2.3+ is running Java 11.0.11_9, with no current ETA on when we plan to upgrade Java 11 for DA.
We are also looking to move to MySQL 8 for PC in 21.2.8.
In short, you will need to upgrade to the latest 21.2.x, as the new versions are released with updated MySQL, Java, and Log4j.
https://knowledge.broadcom.com/external/article?articleId=230262
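
To confirm which Log4j jars are still on a DA, DC or PC host before and after upgrading, the added example below (not Broadcom's code) walks a directory and classifies every `log4j*.jar` against the log4j2 2.17.1 level named above. The directory argument and the reliance on the jar manifest's `Implementation-Version` (with the file name as fallback) are assumptions.

```python
import os
import re
import sys
import zipfile

TARGET = (2, 17, 1)  # log4j2 version the article names for PC 21.2.8
FILE_VER = re.compile(r"-(\d+(?:\.\d+)+)\.jar$")
MANIFEST_VER = re.compile(r"^Implementation-Version:\s*(\d+(?:\.\d+)+)", re.M)


def jar_version(path):
    """Return the version as a tuple, from the manifest or else the file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        found = MANIFEST_VER.search(manifest)
    except (KeyError, zipfile.BadZipFile, OSError):
        found = None  # no manifest or unreadable archive: fall back to the name
    found = found or FILE_VER.search(os.path.basename(path))
    return tuple(int(p) for p in found.group(1).split(".")) if found else None


def classify(version):
    """Map a version tuple to a status a scan reviewer can act on."""
    if version is None:
        return "unknown"
    if version[0] == 1:
        return "log4j-1.x"  # the family the scan reports as Log4j 1.2
    return "below-target" if version < TARGET else "ok"


def scan(root):
    """Walk root and return sorted (path, version, status) for each log4j*.jar."""
    results = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().startswith("log4j") and name.lower().endswith(".jar"):
                path = os.path.join(folder, name)
                version = jar_version(path)
                results.append((path, version, classify(version)))
    return sorted(results)


if __name__ == "__main__":
    # Assumption: the product install directory is passed as the first argument.
    for path, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(status, ".".join(map(str, version or ())) or "?", path)
```

Jars nested inside WAR files or other archives are not opened, so a clean result here does not rule out a bundled copy.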