Below are the new vulnerabilities reported for Java agent 2024.09 patch:-
Component Name | Component Version | CVE (Vulnerability ID) | Security Risk | CVSS Score |
Apache Tomcat | 9.0.87 | BDSA-2024-9919 | HIGH | 8.5 |
Apache Tomcat | 9.0.87 | BDSA-2024-9762 | HIGH | 8.8 |
Apache Tomcat | 9.0.87 | BDSA-2024-8736 | MEDIUM | 6.4 |
IBM MQ | 9.3.2.0 | CVE-2024-35156 | MEDIUM | 6.5 |
Spring Security | 5.7.12 | BDSA-2024-8942 | MEDIUM | 4.2 |
Logback | 1.2.13 | BDSA-2024-9866 | MEDIUM | 5.8 |
Logback | 1.2.13 | BDSA-2024-9861 | MEDIUM | 6.5 |
Spring Framework | 5.3.37 | BDSA-2024-8653 | MEDIUM | 4.9 |
These are medium severity and will be fixed in next release 25.3 or 25.4.