- CDD SaaS: not impacted by these vulnerabilities at all.
- OnPrem CDD:
  - If your CDD OnPrem is using Java 8.x - CDD is not impacted by these vulnerabilities.
  - If your CDD OnPrem is using Java 9+, please see below for additional details.
This vulnerability is exploited through Spring Cloud Function. CA Continuous Delivery Director (CDD) does not use Spring Cloud Function. This is true for both CDD SaaS and CDD OnPrem.
There are a couple of prerequisites for exploiting this vulnerability. One of those prerequisites is using JDK9+.
- CDD SaaS: CDD SaaS is not impacted by this vulnerability as CDD SaaS does not use JDK9.
- CDD OnPrem: CDD officially supports Java JRE 8.x and Java JRE 11.0, not JDK9. It is recommended to evaluate your environment to ensure that JDK9+ is not being used. If it is using JDK9, the options for mitigating this vulnerability are:
  - If JDK9+ is used, replace it with the latest version of Java JRE 8.x; and/or
  - Use Tomcat 8.5.78, which handles this vulnerability.
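
One way to script the environment evaluation recommended above, as an added example (not vendor-supplied code). It assumes the Java version string comes from `java -version` output and the Tomcat version from the "Server number" line of Tomcat's `version.sh`; the function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Sample inputs at the bottom are constructed.

# Pull the quoted version out of `java -version` output read from stdin.
extract_java_version() {
    sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# Print the Java major version: "1.8.0_322" -> 8, "11.0.14" -> 11, "17-ea" -> 17.
java_major() {
    v=${1%%[-+_]*}                      # drop build suffixes such as _322, -ea, +9
    case $v in 1.*) v=${v#1.} ;; esac   # legacy 1.x scheme: 1.8 means Java 8
    echo "${v%%.*}"
}

# Tomcat 8.5 line only, since 8.5.78 is the only fixed version the advisory names.
# Returns 0 if >= 8.5.78, 1 if an older 8.5.x, 2 if not on the 8.5 line.
tomcat_85_fixed() {
    case $1 in 8.5.*) ;; *) return 2 ;; esac
    patch=${1#8.5.}
    patch=${patch%%[!0-9]*}             # "78.0" or "78-dev" -> 78
    [ "${patch:-0}" -ge 78 ]
}

# Classify one host from its Java and Tomcat version strings.
# Anything that cannot be parsed is sent to manual review, never waved through.
assess() {
    m=$(java_major "$1")
    case $m in ''|*[!0-9]*) echo "review"; return 0 ;; esac
    if [ "$m" -lt 9 ]; then echo "not-impacted"; return 0; fi
    if tomcat_85_fixed "$2"; then echo "mitigated-by-tomcat"; else echo "review"; fi
}

# Constructed samples: `java -version` text and Tomcat "Server number" values.
for pair in 'openjdk version "1.8.0_322"|8.5.60' \
            'openjdk version "11.0.14" 2022-01-18|8.5.77' \
            'java version "11.0.14" 2022-01-18 LTS|8.5.78.0'; do
    jv=$(printf '%s\n' "${pair%%|*}" | extract_java_version)
    printf '%-12s tomcat %-9s %s\n' "$jv" "${pair#*|}" "$(assess "$jv" "${pair#*|}")"
done
```

A `review` result means the host runs Java 9+ without Tomcat 8.5.78 or later on the 8.5 line, or that a version string could not be parsed, so it needs one of the mitigations listed above or a manual check.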