Netops Performance Management - Java Multiple Vulnerabilities (Unix April 2022 CPU) and (July 2022 CPU)

Article ID: 246867

Updated On: 10-31-2022

Products

CA Performance Management Network Observability

Issue/Introduction

Security scans report the following vulnerabilities on the NetOps Portal, Data Collector and Data Aggregator after upgrading to 21.2.12:

Plugin 161241: Oracle Java SE Multiple Vulnerabilities (Unix April 2022 CPU)
  Category: Security_Patch_Process_App
  Severity: High (CVSS 7.5)
  CVEs: CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496
  Dates as exported: 2022-05-17, 2022-04-19
  Solution: Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.
  Reference: https://www.tenable.com/plugins/nessus/161241
  Plugin output:
    Path              : /opt/IMDataCollector/
    Installed version : 11.0.14
    Fixed version     : Upgrade to version 11.0.15 or greater

Plugin 163304: Oracle Java SE Multiple Vulnerabilities (July 2022 CPU)
  Category: Security_Patch_Process_App
  Severity: High (CVSS 7.5)
  CVEs: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169
  Dates as exported: 2022-07-20, 2022-07-19
  Solution: Apply the appropriate patch according to the July 2022 Oracle Critical Patch Update advisory.
  Reference: https://www.tenable.com/plugins/nessus/163304
  Plugin output:
    Path              : /opt/IMDataCollector/
    Installed version : 11.0.14
    Fixed version     : Upgrade to version 11.0.16 or greater

Environment

Release : 21.2.12

Component : DX NetOps Performance Management Vulnerabilities

Cause

NetOps Performance Management 21.2.9 and higher (including 21.2.12) ships JRE 11.0.14_1 (AdoptOpenJDK) for the Portal, Data Aggregator and Data Collector components.

JRE 11.0.14 is affected by the reported CVEs.

Resolution

Broadcom ships JRE build 11.0.16+8 with release 22.2.2, which `java -version` reports as:

openjdk version "11.0.16" 2022-07-19
OpenJDK Runtime Environment Temurin-11.0.16+8 (build 11.0.16+8)
OpenJDK 64-Bit Server VM Temurin-11.0.16+8 (build 11.0.16+8, mixed mode)

Please upgrade to the latest available version to ensure your security is at the highest level.
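To confirm the remediation on each component after the upgrade, the following POSIX shell check (an added example, not part of the Broadcom article) reads the `java -version` banner and compares the reported JRE version against the "Fixed version" thresholds of both Nessus findings. The `JRE_BIN` path is an assumed placeholder: the article only names `/opt/IMDataCollector/` as the scanned path, not the exact location of the java binary; when no binary is found the script falls back to a constructed banner so it also runs offline.

```shell
#!/bin/sh
# Added example, not part of the Broadcom article: check the JRE that a
# NetOps component runs against the "Fixed version" thresholds of the two
# Nessus findings (plugin 161241 -> 11.0.15, plugin 163304 -> 11.0.16).
# JRE_BIN is an assumed placeholder; the article gives /opt/IMDataCollector/
# as the scanned path only, not the java binary's exact location.
JRE_BIN="${JRE_BIN:-/opt/IMDataCollector/jre/bin/java}"

# Pull the quoted version out of a `java -version` banner, e.g.
# 'openjdk version "11.0.16" 2022-07-19' -> 11.0.16 (suffixes like _1 are kept).
jre_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^openjdk version "\([0-9][0-9._+-]*\)".*/\1/p' | head -n 1
}

# Succeed (exit 0) when dotted version $1 is >= $2. Fields are compared
# numerically, missing fields count as 0, and a non-numeric tail such as
# 14_1 is read as 14 by awk's string-to-number conversion.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0
            ya = (i <= nb) ? y[i] + 0 : 0
            if (xa > ya) exit 0
            if (xa < ya) exit 1
        }
        exit 0
    }'
}

# Print one status line per finding; return 0 only when both are remediated.
check_jre() {
    v="$1"; rc=0
    for entry in "161241:11.0.15" "163304:11.0.16"; do
        plugin=${entry%%:*}; fixed=${entry#*:}
        if version_ge "$v" "$fixed"; then
            echo "plugin $plugin: OK (installed $v, fixed $fixed)"
        else
            echo "plugin $plugin: VULNERABLE (installed $v, fixed $fixed)"; rc=1
        fi
    done
    return $rc
}

# Use the real JRE when present; otherwise use a constructed banner matching
# the 11.0.14 reported by the scan, so the script also runs offline.
if [ -x "$JRE_BIN" ]; then
    banner=$("$JRE_BIN" -version 2>&1)
else
    banner='openjdk version "11.0.14" 2022-01-18'   # constructed sample
fi
check_jre "$(jre_version_from_banner "$banner")" || echo "remediation required: upgrade to 22.2.2 (JRE 11.0.16+8)"
```

Run it once per component host (Portal, Data Aggregator, Data Collector) with `JRE_BIN` pointed at that component's java binary.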

Additional Information

These are the relevant vulnerabilities:

April 2022 CPU: CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496

July 2022 CPU: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169