Apache ActiveMQ 5.16.1, Apache WSS4J 1.5.4 and Axis (Java) 1.4 Vulnerabilities

Article ID: 256014

Products

  • Service Virtualization
  • CA Application Test

Issue/Introduction

The following vulnerabilities have been addressed in DevTest 10.7.0 and later, but they still appear on the third-party scan report.

  • Apache ActiveMQ 5.16.1: CVE-2020-1941, CVE-2020-13920, CVE-2021-26117 and CVE-2020-13947
  • Apache WSS4J 1.5.4: CVE-2014-3623, CVE-2015-0227, CVE-2015-0226 and CVE-2011-2487
  • Axis (Java) 1.4: CVE-2012-5784, CVE-2014-3596, CVE-2018-8032 and CVE-2019-0227

Environment

DevTest 10.7.0 and 10.7.2, for both the on-premise installer and images.

Cause

Third-party vulnerabilities.

Resolution

The above vulnerabilities were addressed in 10.7 GA, but they will still appear in the third-party scan because the component version number has not changed. If the third-party tool cannot detect the fixes that were ported by repackaging the JAR, this should be mitigated directly in the third-party scan tool.