CVE-2023-46604 was published by the Apache Software Foundation on October 27th, 2023.
The vulnerability is present in these files and versions:
- Apache ActiveMQ 5.18.0 before 5.18.3
- Apache ActiveMQ 5.17.0 before 5.17.6
- Apache ActiveMQ 5.16.0 before 5.16.7
- Apache ActiveMQ before 5.15.16
- Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
- Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
- Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
- Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16
These files were used by the Automic RA Web Service REST solution up to and including version 4.6.1. They are not included in solution version 4.6.2 and above.
Please upgrade your RA Web Service REST solution to a later version than 4.6.1.
These files can also be found in the cache folder of the RA Web Service REST agent (bin --> cache folder, file name WEBSERVICEREST.jar).
Windows:
The contents of this file can be listed with PowerShell:
PS C:\automic\WS21\Agents\RA.WS.REST\bin\cache\WEBSERVICEREST\1648134559000> jar tf .\WEBSERVICEREST.jar
If the ActiveMQ files do show up in the listing, stop the RA Web Service REST agent and delete the folder in the cache directory. In the example above the folder name is 1648134559000.
Once the folder is deleted, start the RA Web Service REST agent again.
Unix/Linux:
Navigate to the cache folder, for example /opt/Automic/Automation.Platform/Agents/rapidautomation/WEBSERVICEREST01/bin/cache/WEBSERVICEREST/1708465102000, and list the contents of the file:
jar --list --file WEBSERVICEREST.jar
If the files show up in the result, the folder (1708465102000 in the example above) can also be deleted, for example with rm -rf 1708465102000.
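
The check above can be run across every cached copy at once on either platform. The following script is an added example, not part of the original article or of the Automic product; it assumes that ActiveMQ entries can be recognised by the substring "activemq" in the entry name, and it only reports folders, it does not delete anything.

```python
import sys
import zipfile
from pathlib import Path

JAR_NAME = "WEBSERVICEREST.jar"  # file name given in the article
MARKER = "activemq"              # assumption: ActiveMQ entries contain this substring


def activemq_entries(jar_path):
    """Return the entry names in jar_path that contain MARKER (case-insensitive)."""
    with zipfile.ZipFile(jar_path) as jar:
        return [name for name in jar.namelist() if MARKER in name.lower()]


def scan_cache(cache_root):
    """Map each cache subfolder whose WEBSERVICEREST.jar holds ActiveMQ entries
    to those entries. A jar that cannot be read is reported with an
    '<unreadable: ...>' marker so it gets checked by hand, not skipped."""
    findings = {}
    for jar_path in sorted(Path(cache_root).glob(f"*/{JAR_NAME}")):
        try:
            hits = activemq_entries(jar_path)
        except (zipfile.BadZipFile, OSError) as exc:
            findings[jar_path.parent.name] = [f"<unreadable: {exc}>"]
            continue
        if hits:
            findings[jar_path.parent.name] = hits
    return findings


if __name__ == "__main__":
    # Argument: path to the .../bin/cache/WEBSERVICEREST directory
    # (defaults to the current directory).
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    result = scan_cache(root)
    for folder, entries in result.items():
        print(f"{folder}: {len(entries)} matching entries, first: {entries[0]}")
    # A non-zero exit status lets a scheduled job flag hosts that still need cleanup.
    sys.exit(1 if result else 0)
```

Each folder name printed is a cache subfolder to remove following the steps above.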