search cancel

CVE-2022-42889 - Service Virtualization / DevTest

book

Article ID: 252557

calendar_today

Updated On:

Products

Service Virtualization

Issue/Introduction

CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022.  More information can be found here

The vulnerability is caused with the use of Apache Commons Text 1.5 through 1.9.  Is Service Virtualization( DevTest ) affected by this?

Environment

DevTest 10.7.x, 10.6.x and earlier

Cause

Third Party Vulnerability

Resolution

As per initial analysis, SV/DevTest is impacted by this vulnerability.

Existing Installation:

1. On Premise

  • For 10.6, 10.7 or 10.7.2, apply the patch to the DevTest installation. Use support credentials to login : 10.6.0 patch  , 10.7.0 patch and 10.7.2 patch.      Apply the patch to both Service Virtualization Server and Workstation components; follow the steps mentioned in the “README_STEPS.txt.”  In the README_STEPS.txt, there are a few components to update including replacing the commons-text-1.6.jar with the commons-text-1.10.jar.
  • For DevTest 10.7 please upgrade to DevTest 10.7.2 and for further questions contact Broadcom Support.
  • For 10.5 or lower, please upgrade to a supported version and apply the required patch.


2. Docker Images

The latest Docker images with the vulnerability fixes for different SV releases are hosted at sv-docker.packages.broadcom.com/sv.

 

10.6.0

virtual-service-catalog

sv-docker.packages.broadcom.com/sv/virtual-service-catalog:1.7.2.6

lisa

sv-docker.packages.broadcom.com/sv/lisa:10.6.0.1

portal

sv-docker.packages.broadcom.com/sv/portal:10.6.0.1

iaam

sv-docker.packages.broadcom.com/sv/iaam:1.3.2.9

10.6.1

virtual-service-catalog

sv-docker.packages.broadcom.com/sv/virtual-service-catalog:1.7.3.9.2

lisa

sv-docker.packages.broadcom.com/sv/lisa:10.6.1.1

portal

sv-docker.packages.broadcom.com/sv/portal:10.6.1.1

iaam

sv-docker.packages.broadcom.com/sv/iaam:1.3.3.5

10.6.2

virtual-service-catalog

sv-docker.packages.broadcom.com/sv/virtual-service-catalog:1.7.4.2.2

lisa

sv-docker.packages.broadcom.com/sv/lisa:10.6.2.1

portal

sv-docker.packages.broadcom.com/sv/portal:10.6.2.1

iaam

sv-docker.packages.broadcom.com/sv/iaam:1.4.0.2

10.6.3

virtual-service-catalog

sv-docker.packages.broadcom.com/sv/virtual-service-catalog:1.7.4.2.2

lisa

sv-docker.packages.broadcom.com/sv/lisa:10.6.3.1

portal

sv-docker.packages.broadcom.com/sv/portal:10.6.3.1

iaam

sv-docker.packages.broadcom.com/sv/iaam:1.4.0.2

10.6.4

virtual-service-catalog

sv-docker.packages.broadcom.com/sv/virtual-service-catalog:1.7.5.31.2

lisa

sv-docker.packages.broadcom.com/sv/lisa:10.6.4.101.1

portal

sv-docker.packages.broadcom.com/sv/portal:10.6.4.89.1

iaam

sv-docker.packages.broadcom.com/sv/iaam:1.4.1.12.2

10.7.0

virtual-service-catalog

sv-docker.packages.broadcom.com/sv/virtual-service-catalog:1.7.6.42.4

lisa

sv-docker.packages.broadcom.com/sv/lisa:10.7.0.168.1

portal

sv-docker.packages.broadcom.com/sv/portal:10.7.0.70.1

iaam

sv-docker.packages.broadcom.com/sv/iaam:1.4.2.79.1

10.7.2

virtual-service-catalog

sv-docker.packages.broadcom.com/sv/virtual-service-catalog:1.7.8.56.7

lisa

sv-docker.packages.broadcom.com/sv/lisa:10.7.2.374.5

portal

sv-docker.packages.broadcom.com/sv/portal:10.7.2.306.5

iaam

sv-docker.packages.broadcom.com/sv/iaam:1.4.5.670.3

10.7.2 NGINX

virtual-service-catalog

sv-docker.packages.broadcom.com/sv/virtual-service-catalog:1.7.8.56.7

lisa

sv-docker.packages.broadcom.com/sv/lisa:10.7.2.374.6

portal

sv-docker.packages.broadcom.com/sv/portal:10.7.2.306.6

iaam

sv-docker.packages.broadcom.com/sv/iaam:1.4.5.670.3

 

Update Images by pulling:

Follow these instructions to pull the latest docker images:

  • Login to sv-docker.packages.broadcom.com with valid credentials (username and token):

docker login sv-docker.packages.broadcom.com -u <USER_EMAIL> -p <ACCESS_TOKEN>

 

Note: To get the access token, follow the DevTest Solutions documentation.

  • Pull the latest image.

 

 

Please check back in this article regularly for updates.