CVE-2022-42889 and OI

Article ID: 252482

Products

DX Operational Intelligence

Issue/Introduction

CVE-2022-42889 was published in the National Vulnerability Database on 13 October 2022. More information can be found at https://nvd.nist.gov/vuln/detail/CVE-2022-42889

The vulnerability is caused by the use of Apache Commons Text 1.5 through 1.9. Is OI (Operational Intelligence) affected by this?

Resolution

2022-10-25: One component was identified as vulnerable.

The remediation plan at this time is as follows:

On-premise:

1) Include a fix in the 22.1 release, with a target GA date around mid-November.

2) There will be no fix on prior releases like 21.3.1.

SaaS:

1) Refresh the environment with the fix in late October/early November.

2022-10-19: Broadcom Support and Engineering are looking into this as a priority. Please check back on this article regularly for updates.