ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Which Automic Components can be impacted by the vulnerabilities CVE-2022-21476/CVE-2022-21449

book

Article ID: 240357

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

Are there any recomendations whether and which Automic Components can be impacted by the above vulnerabilities?

OpenJDK Vulnerability Advisory: 2022/04/19 (java.net)

https://www.oracle.com/security-alerts/cpuapr2022.html

We use currently AdoptOpenJDK 11.0.9 for all our components.

 

Environment

Release : 12.3.8

Component :

Resolution

Automic will not have any impact related to this. It only impacts Oracle Java directly - You need to reach out to Oracle about impact and mitigation at oracle side.

It's a java vulnerability - solution will be an updated java version, but openjdk seems only affected by one of them in versions 8/11

https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19