Vulnerability CVE-2023-40167 and the Data Aggregator
search cancel

Vulnerability CVE-2023-40167 and the Data Aggregator


Article ID: 366676


Updated On:


DX NetOps CA Performance Management - Usage and Administration


Scan results against the NetOps Data Aggregator returned the following vulnerability. When will it be resolved?

CVE: CVE-2023-40167

Current Version: 9.4.50.v20221201

Fixed Version: 12.0.1, 11.0.16, 10.0.16, 9.4.52

Server: Data Aggregator

Location: /[Partition=78dac6f3]/IMDataAggregator/maven_repository/org/eclipse/jetty/jetty-http/9.4.50.v20221201/jetty-http-9.4.50.v20221201.jar


All supported DX NetOps Performance Management Data Aggregator releases 23.3.9 and older.


This is embedded in the apache-karaf jetty implementation we utilize and upgrades to it are dependent on apache-karaf updates.

The Data Aggregator is moving to apache-karaf version 4.4.5 in the pending NetOps 23.3.10 release. It will bring version 9.4.53.v20231009 that remediates this.

Upgrade to 23.3.10 or newer releases to resolve this.