Security vulnerabilities issues in Java Agent 10.8
Article ID: 281924
Updated On:
Products
DX APM SaaS
DX Application Performance Management
CA Application Performance Management (APM / Wily / Introscope)
CA Application Performance Management Agent (APM / Wily / Introscope)
CA Application Performance Management SaaS
Issue/Introduction
Below are the security vulnerabilities reported in Blackduck security scans of Java Agent 10.8
| Component Name | Component Version | CVE (Vulnerability ID) | Security Risk | CVSS Overall Score |
| Netty Project | 4.1.84.Final / 4.1.83.Final / 4.1.82 Final | CVE-2023-44487 / BDSA-2023-2732 | High | 7.5 |
| CVE-2022-41915 / BDSA-2022-3560 | MEDIUM | 6.5 | ||
| CVE-2023-34462 / BDSA-2023-1556 | MEDIUM | 6.5 | ||
| BDSA-2018-4022 | MEDIUM | 4.7 | ||
| SnakeYAML | 1.28 | CVE-2022-1471 / BDSA-2022-3447 | CRITICAL | 9.8 |
| Apache Commons IO | 2.15.1 | CVE-2021-29425 / BDSA-2021-0922 | MEDIUM | 4.8 |
| Logback 1.2.12 | 7.5 | CVE-2023-6481 (BDSA-2023-3341) | HIGH | 7.5 |
| 7.5 | CVE-2023-6378 (BDSA-2023-3307) | HIGH | 7.5 |
Environment
- DX APM 10.8
- DX APM SaaS
Resolution
All the above critical CVEs are fixed in APM java agent 2024.3.2 and onward versions.
Contact Broadcom Support to obtain a copy of latest Agent packages
Feedback
Yes
No
Powered by
