APM 10.8 - vulnerabilities: XStream 1.4.19 and Tomcat 8.5.83

Article ID: 258553

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

 
Blackduck scans of the  have revealed vulnerabilities in two open source components:
 
Scanned  version: 10.8.1.6
 
XStream 1.4.19 -> fix in 1.4.20

CVE-2022-40151 (score 6.7, medium)

CVE-2022-41966 (score 6.7, medium)

 

Apache Tomcat 8.5.83 -> fix in 8.5.84

CVE-2022-45143 (score 4.6, medium)

File locations:

javax.servlet_3.1.0.jar -> apache-jsp-8.5.70-tc81.jar -> /org/apache/juli/logging/

org.mortbay.jetty_9.4.49.jar -> apache-jsp-8.5.70-tc81.jar -> /org/apache/juli/logging/

 

Environment

Release : 10.8

Resolution

To be fixed in 10.8 SP1

Additional Information