Vulnerabilities found with AWI files logback-classic.jar, logback-core.jar, xstream.jar, json-smart.jar
Article ID: 258420
Updated On:
Products
CA Continuous Delivery Automation - Automation Engine
Issue/Introduction
The following vulnerabilities are present in Automation Engine 12.3.3:
CVE-2017-5929 involves logback-classic.jar, logback-core.jar --> https://nvd.nist.gov/vuln/detail/CVE-2017-5929
CVE-2013-7285 involves xstream.jar --> https://nvd.nist.gov/vuln/detail/CVE-2013-7285
CVE-2021-27568 involves json-smart.jar --> https://nvd.nist.gov/vuln/detail/CVE-2021-27568
Environment
Release : 12.3
Cause
Defect
Resolution
The vulnerabilities have been addressed in Automation.Engine 12.3.9 - released.
Please upgrade to version 12.3.9 or higher.
Feedback
Yes
No
Powered by
