The following vulnerabilities were found in the Tomcat APM agent, version 2024.09 (Tomcat_tomcat_20240924_v1).
| Component | CVE Number | Score | Risk |
| --- | --- | --- | --- |
| Spring Security - 5.7.12 | BDSA-2024-7762 | 7.1 | High |
| IBM MQ - 9.3.2.0 | CVE-2024-35116 | 7.5 | High |
| Apache Tomcat - 9.0.87 | BDSA-2024-4117 | 4.8 | Medium |
| | BDSA-2024-6864 | 6.5 | Medium |
| protobuf-java - 3.25.3 | BDSA-2024-6519 | 6.7 | Medium |
| Spring Boot - 2.7.18 | BDSA-2024-5686 | 5.5 | Medium |
| Spring Framework - 5.3.37 | BDSA-2024-5371 | 4.6 | Medium |
| | BDSA-2024-5369 | 5.2 | Medium |
| | CVE-2024-38820 | 5.3 | Medium |
| | BDSA-2024-6258 | 6.5 | Medium |
| | BDSA-2024-7391 | ^.5 | Medium |
| Apache Tomcat - 9.0.87 | BDSA-2024-8736 | 6.4 | Medium |
| Netty Project - 4.1.113, 4.1.112Final, 4.1.111 | BDSA-2024-8565 | 5 | Medium |
| PathJson - 2.7.0 | BDSA-2023-3682 | 4.8 | Medium |
| Spring Framework - 5.3.37 | BDSA-2024-8653 | 4.9 | Medium |

APM Java agent version 2014.9

The fixes for Spring Boot - 2.7.18 and Spring Framework - 5.3.37 will be part of the 25.2.1 release. ETA: 1st half of March 2nd week.

As per the plan, the rest of the vulnerabilities will be fixed in version 25.1.1.