Security scans reveal the following vulnerabilities on NetOps Portal, Data Collector and Data Aggregator after the upgrade to 21.2.12:
Release : 21.2.12
Component : DX NetOps Performance Management Vulnerabilities
NetOps Performance Management 21.2.9 and higher (including 21.2.12) use JRE 11.0.14_1 (adoptopenjdk) for Portal, Data Aggregator and Data Collector components.
This JRE 11.0.14 version is vulnerable to the reported CVEs.
Broadcom has shipped build 11.0.16+8 in release 22.2.2:
openjdk version "11.0.16" 2022-07-19
OpenJDK Runtime Environment Temurin-11.0.16+8 (build 11.0.16+8)
OpenJDK 64-Bit Server VM Temurin-11.0.16+8 (build 11.0.16+8, mixed mode)
Please upgrade to the latest available version to ensure your security is at the highest level.
These are the relevant vulnerabilities:
CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496
CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-25647,CVE-2022-34169
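
To confirm which JRE a Portal, Data Aggregator or Data Collector host is actually running, the `java -version` banner can be compared against the fixed build named above. The script below is an added example, not Broadcom code: the function names, the `JAVA_BIN` placeholder and the 11.0.14.1 sample banner are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not vendor code: classify a `java -version` banner against
# the fixed build this page names (11.0.16, shipped in release 22.2.2).
FIXED="11.0.16"

# Pull the quoted version out of the banner; skips any lines printed before it
# (for example a "Picked up JAVA_TOOL_OPTIONS" notice).
banner_version() {
    printf '%s\n' "$1" | sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Normalise 11.0.14_1 -> 11.0.14.1, drop +build / -ea suffixes, pad to 4 fields.
normalise() {
    printf '%s' "$1" | tr '_' '.' | sed 's/[+-].*//; s/$/.0.0.0/'
}

# Return 0 when $1 >= $2, comparing the first four numeric fields in order.
version_ge() {
    a=$(normalise "$1"); b=$(normalise "$2"); i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Print "ok <ver>", "outdated <ver>" or "unknown" for a full banner string.
classify_jre() {
    v=$(banner_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 2; fi
    if version_ge "$v" "$FIXED"; then echo "ok $v"; else echo "outdated $v"; fi
}

# Banner quoted on this page (fixed build).
FIXED_BANNER='openjdk version "11.0.16" 2022-07-19
OpenJDK Runtime Environment Temurin-11.0.16+8 (build 11.0.16+8)'
# Constructed sample for the older JRE the page describes.
OLD_BANNER='openjdk version "11.0.14.1" 2022-02-08'

classify_jre "$FIXED_BANNER"
classify_jre "$OLD_BANNER"
# On a host: classify_jre "$("$JAVA_BIN" -version 2>&1)"   # banner goes to stderr;
# JAVA_BIN is a placeholder for the component's bundled java binary.
```

The comparison is only meaningful for the Java 11 line; a banner from a different major version needs its own fixed-build threshold.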