P3 vulnerability spring-core-4.3.22.RELEASE.jar

book

Article ID: 242648

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

We have P3 vulnerability for following file:

/usr/sap/ccms/wilyintroscope/product/enterprisemanager/configuration/org.eclipse.osgi/bundles/63/1/.cp/WebContent/WEB-INF/lib/spring-core-4.3.22.RELEASE.jar

QUALYS  is the tool, the CVE is one or both of these:
CVE-2014-0054
https://www.cvedetails.com/cve/CVE-2014-0054/

CVE-2013-7315
https://www.cvedetails.com/cve/CVE-2013-7315/

Environment

Release : 10.7.0

Component : Introscope

Resolution

This vulnerability will be totally fixed in 10.8. However, you can apply the HF84 that also addresses it.

Please raise a support ticket in order to request HF84.