Vulnerability detected with A2A client version 4.12.3. Please see attached for NexuIQ scan results for more details, but it is due to commons-net.jar.
Please look into this ASAP; we need to proceed, as the vulnerability is holding up projects/new builds.
Release: 4.x
Client's vulnerability scanner flagged this jar file.
After a review of the A2A code base, development determined that commons-net.jar is not required for any base A2A functionality, and this jar file will be removed from all future releases of the A2A agent (starting with PAM 4.1.2). No patch is required for any previous release, since the jar file can simply be deleted without restarting any services.
Linux/Unix
# find <Your A2A install folder> -name 'commons-net*.jar'
/opt/catech/cspmclient_v.4.12.3/lib/commons-net-3.3.jar
# rm /opt/catech/cspmclient_v.4.12.3/lib/commons-net-3.3.jar
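For hosts with more than one client directory, the same find-and-delete steps can be wrapped so that they list matches first and confirm afterwards that nothing is left. This is an added example, not vendor-supplied code; the function name purge_commons_net and the --apply switch are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): remove commons-net jars under an A2A
# client install folder and confirm that none remain.
#
# Usage: purge_commons_net <install folder> [--apply]
#   without --apply : dry run, only lists the jars that would be removed
#   with    --apply : deletes them
# Returns 0 only when no commons-net*.jar is left under the folder,
# so a dry run on an affected install returns non-zero.
purge_commons_net() {
    root=$1
    mode=${2:-}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # The pattern is quoted so the shell hands it to find unexpanded,
    # whatever files happen to sit in the current directory.
    find "$root" -type f -name 'commons-net*.jar' | while IFS= read -r jar; do
        if [ "$mode" = "--apply" ]; then
            rm -f -- "$jar" && echo "removed: $jar"
        else
            echo "would remove: $jar"
        fi
    done

    # Re-scan: this count is what the vulnerability scanner will see next.
    remaining=$(( $(find "$root" -type f -name 'commons-net*.jar' | wc -l) ))
    echo "remaining commons-net jars: $remaining"
    [ "$remaining" -eq 0 ]
}

# Run directly, e.g.: sh purge.sh /opt/catech --apply
if [ "$#" -gt 0 ]; then
    purge_commons_net "$@"
fi
```

Run it once without --apply to review the list, then again with --apply; the exit status can be used by a deployment job to flag hosts that still carry the jar.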
Windows
Delete the jar file using the Windows file manager (default location: C:\cspm\cloakware\cspmclient\lib).