Java Agent 24.09 Vulnerabilities
Article ID: 388095
Updated On:
Products
DX Application Performance Management
Issue/Introduction
Below are the new vulnerabilities reported for Java agent 2024.09 patch:-
| Component Name | Component Version | CVE (Vulnerability ID) | Security Risk | CVSS Score |
| Apache Tomcat | 9.0.87 | BDSA-2024-9919 | HIGH | 8.5 |
| Apache Tomcat | 9.0.87 | BDSA-2024-9762 | HIGH | 8.8 |
| Apache Tomcat | 9.0.87 | BDSA-2024-8736 | MEDIUM | 6.4 |
| IBM MQ | 9.3.2.0 | CVE-2024-35156 | MEDIUM | 6.5 |
| Spring Security | 5.7.12 | BDSA-2024-8942 | MEDIUM | 4.2 |
| Logback | 1.2.13 | BDSA-2024-9866 | MEDIUM | 5.8 |
| Logback | 1.2.13 | BDSA-2024-9861 | MEDIUM | 6.5 |
| Spring Framework | 5.3.37 | BDSA-2024-8653 | MEDIUM | 4.9 |
Environment
DX Application Performance Management 24.2
JAVA AGENT 2024.09
Resolution
These are medium severity and will be fixed in next release 25.3 or 25.4.
Feedback
Yes
No
Powered by
