Vulnerability CVE-2023-26048 and the Data Aggregator
search cancel

Vulnerability CVE-2023-26048 and the Data Aggregator


Article ID: 366675


Updated On:


DX NetOps CA Performance Management - Usage and Administration


Scan results against the NetOps Data Aggregator returned the following vulnerability. When will it be resolved?

CVE: CVE-2023-26048,

Current Version: 9.4.50.v20221201

Fixed Version:9.4.51.v20230217, 11.0.14, 10.0.14

Servers: Data Aggregator

Location: /[Partition=78dac6f3]/IMDataAggregator/maven_repository/org/eclipse/jetty/jetty-server/9.4.50.v20221201/jetty-server-9.4.50.v20221201.jar


All supported DX NetOps Performance Management Data Aggregator releases 23.3.9 and older.


This is embedded in the apache-karaf jetty implementation we utilize and upgrades to it are dependent on apache-karaf updates.

The Data Aggregator is moving to apache-karaf version 4.4.5 in the pending NetOps 23.3.10 release. It will bring version 9.4.53.v20231009 that remediates this.

Upgrade to 23.3.10 or newer releases to resolve this.