CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022. More information can be found here.
The vulnerability is caused by the use of Apache Commons Text 1.5 through 1.9. Is Test Data Manager affected by this?
TDM 4.10
Third Party Vulnerability
According to the engineering team's analysis, the FDM and TDM Portal components are impacted by this vulnerability.
FDM Status:
The FDM fix has been published and is available in version 4.10.62.0, where commons-text version 4.9 is replaced with 4.10.0.
Links to download:
- https://ftp.broadcom.com/user/downloads/pub/TDM/FDM/FastDataMasker-4.10.62.0.zip
- https://ftp.broadcom.com/user/downloads/pub/TDM/FDM/FastDataMasker-4.10.62.0.tar.gz
TDM Portal Status:
The TDM Portal fix has been published and is available in version 4.10.119.0.
Links to download:
- https://ftp.broadcom.com/user/downloads/pub/TDM/TDMPortal/TDMWeb-4.10.119.0.zip
- https://ftp.broadcom.com/user/downloads/pub/TDM/Docker/TDM_Portal_docker-4.10.119.0.tgz
NOTE: Since all TDM component builds are incremental, the fix for this vulnerability is available in FDM version 4.10.62.0, Portal version 4.10.119.0, and all later versions.
KB Article for applying TDM component patches:
- https://knowledge.broadcom.com/external/article?articleId=10931
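
After applying the patches, the install tree can be checked for leftover copies of the library. The script below is an added example, not Broadcom's code: it walks a directory, looks inside nested ZIP/WAR/JAR archives, and flags any commons-text jar in the 1.5 through 1.9 range stated above. It assumes the jar keeps its standard `commons-text-<version>.jar` file name (renamed or shaded copies are not detected), and the directory to scan is whatever path you pass on the command line.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Affected range as stated in this article: Apache Commons Text 1.5 through 1.9.
AFFECTED_MIN, AFFECTED_MAX = (1, 5), (1, 9)
# Assumption: the jar keeps its standard name, commons-text-<version>.jar.
JAR_NAME = re.compile(r"(?:^|/)commons-text-(\d+)\.(\d+)(?:\.\d+)*\.jar$")
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def is_affected(major, minor):
    return AFFECTED_MIN <= (major, minor) <= AFFECTED_MAX

def scan_archive(data, label, depth=0):
    """Yield (location, version) for commons-text jars nested inside an archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        for name in zf.namelist():
            loc = f"{label}!/{name}"
            m = JAR_NAME.search(name)
            if m:
                yield loc, (int(m[1]), int(m[2]))
            elif name.lower().endswith(ARCHIVE_EXT) and depth < 3:
                yield from scan_archive(zf.read(name), loc, depth + 1)

def find_commons_text(root):
    """Return sorted [(location, 'major.minor', affected)] for every copy under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        m = JAR_NAME.search(path.as_posix())
        if m:
            hits.append((str(path), (int(m[1]), int(m[2]))))
        elif path.suffix.lower() in ARCHIVE_EXT:
            hits.extend(scan_archive(path.read_bytes(), str(path)))
    return sorted((loc, f"{v[0]}.{v[1]}", is_affected(*v)) for loc, v in hits)

if __name__ == "__main__":
    results = find_commons_text(sys.argv[1] if len(sys.argv) > 1 else ".")
    for loc, ver, bad in results:
        print(f"{'AFFECTED' if bad else 'ok':8}  commons-text {ver}  {loc}")
    sys.exit(1 if any(bad for _, _, bad in results) else 0)
```

The script exits with status 1 if any affected copy is found, so it can be run as a post-patch check.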