ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Security - OpenJDK findings

book

Article ID: 237177

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

scans reveal the following findings on Netops Performance Center, DA and DC servers after upgrade to 21.2.8

(CVE-2021-2341,CVE-2021-2369,CVE-2021-2388,CVE-2021-2432,CVE-2021-35550,CVE-2021-35556,CVE-2021-35559,CVE-2021-35561,CVE-2021-35564,CVE-2021-35565,CVE-2021-35567,CVE-2021-35578,CVE-2021-35586,CVE-2021-35588,CVE-2021-35603,CVE-2022-21248,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296,CVE-2022-21299,CVE-2022-21305,CVE-2022-21340,CVE-2022-21341,CVE-2022-21349,CVE-2022-21360,CVE-2022-21365,CVE-2022-21366)

/opt/CA/jre/bin/java - 11.0.11

/opt/CA/IMDataAggregator/jre/bin/java - 11.0.11

/opt/CA/IMDataCollector/jre/bin/java - 11.0.11

Environment

Release : 21.2.8

Component : PM Web UI Admininistration/Configuration

java 11.0.11

Resolution

DX NetOps Performance Management 21.2.9 uses java 11.0.14_1

Which remediates all of these vulnerabilities.

Additional Information

CVE-2021-2341 - https://nvd.nist.gov/vuln/detail/CVE-2021-2341

CVE-2021-2369 - https://nvd.nist.gov/vuln/detail/CVE-2021-2369

CVE-2021-2388 - https://nvd.nist.gov/vuln/detail/CVE-2021-2388

CVE-2021-2432 - https://nvd.nist.gov/vuln/detail/CVE-2021-2432

CVE-2021-35550 - https://nvd.nist.gov/vuln/detail/CVE-2021-35550

CVE-2021-35556 - https://nvd.nist.gov/vuln/detail/CVE-2021-35556

CVE-2021-35559 - https://nvd.nist.gov/vuln/detail/CVE-2021-35559

CVE-2021-35561 - https://nvd.nist.gov/vuln/detail/CVE-2021-35561

CVE-2021-35564 - https://nvd.nist.gov/vuln/detail/CVE-2021-35564

CVE-2021-35565 - https://nvd.nist.gov/vuln/detail/CVE-2021-35565

CVE-2021-35567 - https://nvd.nist.gov/vuln/detail/CVE-2021-35567

CVE-2021-35578 - https://nvd.nist.gov/vuln/detail/CVE-2021-35578

CVE-2021-35586 - https://nvd.nist.gov/vuln/detail/CVE-2021-35586

CVE-2021-35588 - https://nvd.nist.gov/vuln/detail/CVE-2021-35588

CVE-2021-35603 - https://nvd.nist.gov/vuln/detail/CVE-2021-35603

CVE-2022-21248 - https://nvd.nist.gov/vuln/detail/CVE-2022-21248

CVE-2022-21277 - https://nvd.nist.gov/vuln/detail/CVE-2022-21277

CVE-2022-21282 - https://nvd.nist.gov/vuln/detail/CVE-2022-21282

CVE-2022-21283 - https://nvd.nist.gov/vuln/detail/CVE-2022-21283

CVE-2022-21291 - https://nvd.nist.gov/vuln/detail/CVE-2022-21291

CVE-2022-21293 - https://nvd.nist.gov/vuln/detail/CVE-2022-21293

CVE-2022-21294 - https://nvd.nist.gov/vuln/detail/CVE-2022-21294

CVE-2022-21296 - https://nvd.nist.gov/vuln/detail/CVE-2022-21296

CVE-2022-21299 - https://nvd.nist.gov/vuln/detail/CVE-2022-21299

CVE-2022-21305 - https://nvd.nist.gov/vuln/detail/CVE-2022-21305

CVE-2022-21340 - https://nvd.nist.gov/vuln/detail/CVE-2022-21340

CVE-2022-21341 - https://nvd.nist.gov/vuln/detail/CVE-2022-21341

CVE-2022-21349 - https://nvd.nist.gov/vuln/detail/CVE-2022-21349

CVE-2022-21360 - https://nvd.nist.gov/vuln/detail/CVE-2022-21360

CVE-2022-21365 - https://nvd.nist.gov/vuln/detail/CVE-2022-21365

CVE-2022-21366 - https://nvd.nist.gov/vuln/detail/CVE-2022-21366