Spring Framework 5.3.x < 5.3.26 / 6.0.x < 6.0.7 Security Bypass (CVE-2023-20860) vulnerability found in Performance Management.

Article ID: 272597

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

Our security assessor has found vulnerabilities on some of our servers and we would like to know if there are fixes/updates/patches for the following CVE:

Spring Framework 5.3.x < 5.3.26 / 6.0.x < 6.0.7 Security Bypass (CVE-2023-20860)

Environment

Release: 22.2

Cause

Performance Management 22.2.5 uses "spring-core-5.3.20.jar", which is vulnerable to CVE-2023-20860.

Resolution

Performance Management version 23.3.1 will include the "spring-core-5.3.28.jar" file, which addresses the Spring vulnerability.
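
To confirm which spring-core version a server carries before and after the upgrade, the following added example (not part of the original article or the product's tooling) classifies `spring-core-<version>.jar` files against the ranges in the article title. The directory to scan is supplied by the operator, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify spring-core jar versions against the ranges in the
# article title (5.3.x < 5.3.26, 6.0.x < 6.0.7). Function names are illustrative.

# classify_spring_version VERSION
# Prints: vulnerable | fixed | out-of-range | unparsed
classify_spring_version() {
    # Keep only major.minor.patch; drop qualifiers such as .RELEASE or -sources
    ver=$(printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unparsed; return; }
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}; patch=${rest#*.}
    case "$major.$minor" in
        5.3) fixed_patch=26 ;;   # first fixed 5.3.x release per the title
        6.0) fixed_patch=7 ;;    # first fixed 6.0.x release per the title
        *)   echo out-of-range; return ;;  # branch not named in the title
    esac
    if [ "$patch" -lt "$fixed_patch" ]; then echo vulnerable; else echo fixed; fi
}

# jar_version FILE: extract the version from a spring-core-<version>.jar name
jar_version() {
    basename "$1" | sed -n 's/^spring-core-\(.*\)\.jar$/\1/p'
}

# scan_dir DIR: print one "status version path" line per spring-core jar found
scan_dir() {
    find "$1" -type f -name 'spring-core-*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        v=$(jar_version "$jar")
        printf '%s %s %s\n' "$(classify_spring_version "$v")" "$v" "$jar"
    done
}

# When run as a script, scan the directory given as the first argument.
if [ -n "$1" ] && [ -d "$1" ]; then scan_dir "$1"; fi
```

The check matches on file names only, so copies of spring-core packed inside WAR files or other archives are not reported and need to be inspected separately.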