Vulnerability CVE-2023-26048 and the Data Aggregator
search cancel

Vulnerability CVE-2023-26048 and the Data Aggregator

book

Article ID: 366784

calendar_today

Updated On:

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

Vulnerability Reported: io.netty:netty-codec-http

CVE: CVE-2024-29025

Current Version: 4.1.107.Final

Fixed Version: 4.1.108

Server: Data Aggregator

Location:$DA_HOME/IMDataAggregator/maven_repository/io/netty/netty-codec-http/4.1.107.Final/netty-codec-http-4.1.107.Final.jar

Environment

All supported DX NetOps Performance Management Data Aggregator releases 23.3.9 and older.

Resolution

The Data Aggregator will be upgraded to the 4.1.108.Final release at a minimum starting with DX NetOps release 23.3.10.

Upgrade to 23.3.10 or newer releases to resolve this.

Additional Information

This is being tracked in engineering through Feature ID F145844. If additional information is needed open a new Support case referencing this KB article for additional information.