search cancel

CVE-2022-42889 - Nolio Release Automation

book

Article ID: 252608

calendar_today

Updated On:

Products

CA Release Automation - DataManagement Server (Nolio) CA Release Automation - Release Operations Center (Nolio)

Issue/Introduction

CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022.  More information can be found here. 

The vulnerability is caused with the use of Apache Commons Text 1.5 through 1.9.  Is Nolio Release Automation impacted by this? 

 

Environment

Nolio Release Automation 6.7

Cause

Third Party Vulnerability

Resolution

Broadcom Engineering team has analyzed this vulnerability and found that Nolio Release Automation is not impacted by this vulnerability as it does not use Apache-Commons-Text at all. 

 

Please Note:

If you use the ca-ra-infrastructure-manager-actions action pack, it does use Apache-Commons-Text. This action pack is not impacted by this vulnerability - as it doesn't use the affected StringSubstitutor API of Apache-Commons-Text. Nevertheless, the next version of the action pack will include an upgraded version of this library.