Is AutoSys affected by vulnerabilities CVE-2023-44487, CVE-2023-42794 and CVE-2023-42795?

Article ID: 275024

Products

CA Workload Automation AE - Scheduler (AutoSys)
Autosys Workload Automation

Issue/Introduction

Is AutoSys affected by the vulnerabilities CVE-2023-44487, CVE-2023-42794 and CVE-2023-42795?

Environment

All Supported Releases

Resolution

AutoSys and WebUI (WCC)

1) Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-42794  - Impacted

Solution: Upgrade to Tomcat version 9.0.81 or higher in the 9.0.x series

 

2) Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-42795  - Impacted 

Solution: Upgrade to Tomcat version 9.0.81 or higher in the 9.0.x series

 

3) Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-44487 - Not impacted. Only the HTTP/2 protocol is affected. AutoSys Web Server and Web UI (WCC) use the HTTP/1.1 protocol (in <tomcat>/conf/server.xml, the connector is defined with protocol="HTTP/1.1").

Note: https://bugzilla.redhat.com/show_bug.cgi?id=2242803 states that this was fixed in 9.0.81 onwards. So the Tomcat upgrade performed to fix the first two items above eliminates this vulnerability as well.

 

Workload Automation Agent: Not Impacted

 

Embedded Entitlements Manager:  Not Impacted

 

Workload Automation iXP: Upgrade the Tomcat that your iXP was configured with to version 9.0.81 or higher in the 9.0.x series, or 8.5.93 or higher in the 8.5.x series.
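
The following Python script is an added example, not part of the original article or Broadcom's tooling. It compares a Tomcat version string (for instance the "Server version" line printed by Tomcat's bin/version.sh) against the fixed releases named above, and lists any connector in server.xml that enables HTTP/2 through a nested UpgradeProtocol element. The function names and the sample server.xml are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Minimum fixed Tomcat versions stated in this article, keyed by (major, minor).
FIXED = {(9, 0): (9, 0, 81), (8, 5): (8, 5, 93)}
# Tomcat enables HTTP/2 on a connector through this nested UpgradeProtocol class.
HTTP2_CLASS = "org.apache.coyote.http2.Http2Protocol"

def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Apache Tomcat/9.0.80'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) for g in m.groups())

def needs_upgrade(version_text):
    """True if the version is below the fixed release for its series."""
    v = parse_version(version_text)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        raise ValueError(f"series {v[0]}.{v[1]}.x is not covered by this article")
    return v < fixed

def http2_connectors(server_xml):
    """Return the ports of connectors that enable HTTP/2."""
    root = ET.fromstring(server_xml)
    ports = []
    for conn in root.iter("Connector"):
        for up in conn.findall("UpgradeProtocol"):
            if up.get("className") == HTTP2_CLASS:
                ports.append(conn.get("port"))
    return ports

# Constructed sample server.xml, not taken from an AutoSys installation.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
    </Connector>
  </Service>
</Server>"""

if __name__ == "__main__":
    print("HTTP/2 enabled on ports:", http2_connectors(SAMPLE))
    for banner in ("Apache Tomcat/9.0.80", "Apache Tomcat/9.0.81", "Apache Tomcat/8.5.92"):
        print(banner, "-> upgrade needed:", needs_upgrade(banner))
```

To check a real installation, pass the contents of <tomcat>/conf/server.xml to http2_connectors; an empty list matches the HTTP/1.1-only configuration described in item 3.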

Additional Information

Steps on how to upgrade Tomcat for AutoSys: https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/autosys-workload-automation/12-1/installing/Install-AutoSys/upgrade-tomcat-version-for-autosys.html

Upgrade Tomcat for iXP: Stop iXP, rename the existing Tomcat folder, unzip the new Tomcat under the same folder structure, and rename the new Tomcat folder to the original Tomcat folder name that iXP was previously using. Move the iXP war file and any needed config files from the old Tomcat folder to the new one. Start the new Tomcat.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/ca-workload-automation-ixp/11-4-00/installing/upgrade-from-11-3-x-to-11-4-x-.html