search cancel

Vulnerabilities found with AWI files logback-classic.jar, logback-core.jar, xstream.jar, json-smart.jar

book

Article ID: 258420

calendar_today

Updated On:

Products

CA Continuous Delivery Automation - Automation Engine

Issue/Introduction

The following vulnerabilities are present in Automation Engine 12.3.3:

CVE-2017-5929 involves logback-classic.jar, logback-core.jar --> https://nvd.nist.gov/vuln/detail/CVE-2017-5929
CVE-2013-7285 involves xstream.jar --> https://nvd.nist.gov/vuln/detail/CVE-2013-7285
CVE-2021-27568 involves json-smart.jar --> https://nvd.nist.gov/vuln/detail/CVE-2021-27568

Environment

Release : 12.3

Cause

Defect

Resolution

The vulnerabilities have been addressed in Automation.Engine 12.3.9 - released.

Please upgrade to version 12.3.9 or higher.