APM Java Agent 10.8 - Security vulnerabilities issues

Article ID: 281924

Updated On: 04-11-2024

Products

DX APM SaaS

DX Application Performance Management

CA Application Performance Management (APM / Wily / Introscope)

CA Application Performance Management Agent (APM / Wily / Introscope)

CA Application Performance Management SaaS

Issue/Introduction

The following security vulnerabilities were reported by Black Duck security scans of Java Agent 10.8:

| Component Name | Component Version | CVE (Vulnerability ID) | Security Risk | CVSS Overall Score |
|---|---|---|---|---|
| Netty Project | 4.1.84.Final / 4.1.83.Final / 4.1.82 Final | CVE-2023-44487 / BDSA-2023-2732 | High | 7.5 |
| | | CVE-2022-41915 / BDSA-2022-3560 | MEDIUM | 6.5 |
| | | CVE-2023-34462 / BDSA-2023-1556 | MEDIUM | 6.5 |
| | | BDSA-2018-4022 | MEDIUM | 4.7 |
| SnakeYAML | 1.28 | CVE-2022-1471 / BDSA-2022-3447 | CRITICAL | 9.8 |
| Apache Commons IO | 2.15.1 | CVE-2021-29425 / BDSA-2021-0922 | MEDIUM | 4.8 |
| Logback | 1.2.12 | CVE-2023-6481 (BDSA-2023-3341) | HIGH | 7.5 |
| | | CVE-2023-6378 (BDSA-2023-3307) | HIGH | 7.5 |

Environment

DX APM 10.8 

DX APM SaaS

Resolution

All the above critical CVEs are fixed in the latest APM Java Agent version, 2024.3.2.
