Will Broadcom officially comment on if and how these vulnerabilities affect agent 21.6.0.33, and which agent version has these vulnerabilities fixed?
From an application team regarding a recent security scan by our security team. Our app team has broadcast the below information to multiple recipients, including the APM team; there is high visibility on this issue.
------- forwarded email snippet ---- security scan result attached as a spreadsheet.
However, we found that on the path “/IntroscopeAgent/nonprod/wily/releases/21.6/core/ext/lib/” there are a few .jar files available.
For two of these, “netty-codec.jar” and “commons-compress.jar”, we are getting High vulnerabilities in the Twistlock Prisma scan result. Please find attached the Prisma Twistlock scan result for the High vulnerability for “netty-codec.jar” and “commons-compress.jar”, along with the fixed version as per the Anthem standard.
Hence we request that you upgrade the package versions for “io.netty_netty-codec” and “org.apache.commons_commons-compress” and provide us with the latest non-prod and prod Wily agent bundle to mitigate the Twistlock vulnerability.
| Package | Package Version | CVSS | Fix Status |
|---|---|---|---|
| io.netty_netty-codec | 4.1.63.Final | 7.5 | fixed in 4.1.68 |
| io.netty_netty-codec | 4.1.63.Final | 7.5 | fixed in 4.1.68 |
| org.apache.commons_commons-compress | 1.9 | 7.5 | fixed in 1.21 |
Release : 21.3
Component : Integration with APM
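A way to confirm locally which versions of these two libraries an agent bundle actually ships, before and after an upgrade: read each jar's manifest version and compare it against the minimum fixed versions from the scan table. This is an added example, not Broadcom's or Prisma's code; the sample jars are constructed in memory, and `check_directory` is a hypothetical helper that points the same check at a real `ext/lib` directory.

```python
import io
import re
import zipfile
from pathlib import Path

# Minimum fixed versions, as reported in the scan table above.
FIXED_VERSIONS = {"netty-codec": "4.1.68", "commons-compress": "1.21"}

def parse_version(text):
    """'4.1.63.Final' -> (4, 1, 63); qualifiers such as 'Final' are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def manifest_version(jar_bytes):
    """Implementation-Version (or Bundle-Version) from META-INF/MANIFEST.MF, else None."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    for key in ("Implementation-Version", "Bundle-Version"):
        m = re.search(rf"^{key}:\s*(\S+)", manifest, re.MULTILINE)
        if m:
            return m.group(1)
    return None

def check_jars(jars):
    """jars: {filename: bytes} -> {filename: (version, below_fix)} for tracked libraries."""
    results = {}
    for name, data in jars.items():
        stem = re.sub(r"(-\d[\w.]*)?\.jar$", "", name)  # drop optional -<version> and .jar
        if stem in FIXED_VERSIONS:
            found = manifest_version(data)
            below = found is None or parse_version(found) < parse_version(FIXED_VERSIONS[stem])
            results[name] = (found, below)
    return results

def check_directory(path):
    """Hypothetical helper: run check_jars over every .jar in a real lib directory."""
    return check_jars({p.name: p.read_bytes() for p in Path(path).glob("*.jar")})

def make_jar(impl_version):
    """Constructed sample: a minimal jar containing only a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\r\nImplementation-Version: {impl_version}\r\n")
    return buf.getvalue()

# Constructed sample mirroring the two findings in the post, plus one untracked library.
SAMPLE_JARS = {"netty-codec.jar": make_jar("4.1.63.Final"),
               "commons-compress.jar": make_jar("1.9"),
               "other-lib.jar": make_jar("2.0")}
```

Run `check_directory` against the delivered bundle's `core/ext/lib` after upgrading; jars that report `below_fix` as `False` carry a manifest version at or above the scanner's fixed version.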
The latest agent version, 2022.1, has all these CVEs addressed.