Vulnerability in DevTest 10.7.2 - CVE-2022-3782 and CVE-2021-21351

Article ID: 262097

Products

Service Virtualization

Issue/Introduction

Reported vulnerabilities in Dynatrace scan:

CVE-2022-3782 - keycloak: Directory Traversal. 9.1 Critical risk vulnerability. Vulnerable component: keycloak-services-3.4.3.Final.jar
CVE-2021-21351 - Deserialization of Untrusted Data - 9.1 Critical risk vulnerability. Vulnerable component: xstream-1.4.8.jar

Environment

Release: 10.7.2

Cause

N/A

Resolution

CVE-2022-3782 - We have upgraded to Keycloak 15.x in 10.7.2 and this vulnerability is not reported in our scan.

CVE-2021-21351 - We have upgraded XStream to version 1.4.18 in 10.7.2 and this vulnerability is not reported in our scan.
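
To check which copies of the two flagged libraries are actually on disk, the following added example (not part of the original article and not vendor code) lists `keycloak-services` and `xstream` jars under a directory and compares their versions with those named in the Resolution section. The function names and the directory argument are assumptions, and the comparison relies on `sort -V` being available.

```shell
#!/usr/bin/env bash
# Added example: inventory keycloak-services and xstream jars and compare their
# versions with the ones named in the article's Resolution section.
KEYCLOAK_MIN="15"      # Resolution text: "keycloak 15.x"
XSTREAM_MIN="1.4.18"   # Resolution text: "1.4.18"

# version_ge A B: succeeds when version A >= version B (needs sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify_jar PATH: prints "<component> <version> <OK|BELOW>", or nothing
# when the file is not one of the two components.
classify_jar() {
    _name=$(basename "$1")
    case "$_name" in
        keycloak-services-*.jar) _comp="keycloak-services"; _min="$KEYCLOAK_MIN" ;;
        xstream-*.jar)           _comp="xstream";           _min="$XSTREAM_MIN" ;;
        *) return 0 ;;
    esac
    _ver=${_name#"$_comp"-}
    _ver=${_ver%.jar}
    # Drop a trailing qualifier such as ".Final" before comparing.
    _ver=$(printf '%s' "$_ver" | sed -E 's/[.-][A-Za-z].*$//')
    # Skip sibling artifacts (e.g. xstream-<module>-<version>.jar).
    case "$_ver" in [0-9]*) ;; *) return 0 ;; esac
    if version_ge "$_ver" "$_min"; then
        echo "$_comp $_ver OK"
    else
        echo "$_comp $_ver BELOW"
    fi
}

# scan_dir DIR: one tab-separated line per matching jar: status, then path.
scan_dir() {
    find "$1" -type f \( -name 'keycloak-services-*.jar' -o -name 'xstream-*.jar' \) |
    while IFS= read -r _jar; do
        _res=$(classify_jar "$_jar")
        if [ -n "$_res" ]; then printf '%s\t%s\n' "$_res" "$_jar"; fi
    done
}

# Scan only when an installation directory is passed as the first argument.
if [ -n "${1:-}" ]; then scan_dir "$1"; fi
```

Pass the installation directory as the first argument; each `BELOW` line is a jar older than the version named in the Resolution section.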