search cancel

CVE-2022-42889 - Test Data Manager

book

Article ID: 252558

calendar_today

Updated On:

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022.  More information can be found here

The vulnerability is caused with the use of Apache Commons Text 1.5 through 1.9.  Is Test Data Manager affected by this?

Environment

TDM 4.10

Cause

Third Party Vulnerability

Resolution

As per engineering team analysis, FDM and TDM Portal components are impacted by this vulnerability.

FDM Status:

FDM fix has been published and available under version 4.10.62.0 where the commons-text version 4.9  is replaced with 4.10.0. 

Links to download:

- https://ftp.broadcom.com/user/downloads/pub/TDM/FDM/FastDataMasker-4.10.62.0.zip

- https://ftp.broadcom.com/user/downloads/pub/TDM/FDM/FastDataMasker-4.10.62.0.tar.gz

TDM Portal Status:

TDM Portal fix has been published and available under the version 4.10.119.0.

Link to download:

- https://ftp.broadcom.com/user/downloads/pub/TDM/TDMPortal/TDMWeb-4.10.119.0.zip

- https://ftp.broadcom.com/user/downloads/pub/TDM/Docker/TDM_Portal_docker-4.10.119.0.tgz

 

NOTE: Since all TDM component builds are incremental, the fix for this vulnerability impact will available from FDM version 4.10.62.0, Portal version 4.10.119.0 and above.

KB Article for applying TDM component patches:

- https://knowledge.broadcom.com/external/article?articleId=10931