-
Task
-
Resolution: Done
-
Medium
-
None
-
None
-
DCAE R4 Sprint 4, DCAE R4 Sprint 5, DCAE R4 Sprint 6
Following vulnerability identified under CLM scan; upgrade to version specified (last column)
| dcaegen2-collectors-restconf | org.apache.tomcat : tomcat-catalina : 8.0.36 | Apache Tomcat is vulnerable to Insufficient Authorization. The forwardToLoginPage(),forwardToErrorPage() methods of FormAuthenticator class, the invoke() method of StandardHostValve class, and the asyncDispatch() method of CoyoteAdapter class allows malicious requests to be processed as it does not use the appropriate facade object when running an untrusted application under a SecurityManage | Upgrade to 8.5.35 | ||
| dcaegen2-collectors-restconf | org.apache.httpcomponents : httpclient : 4.5 | The Apache httpcomponents component is vulnerable to Directory Traversal. The normalizePath() function in the URIBuilder class allows directory traversal characters such as ../. | Upgrade to 4.5.3 |
| dcaegen2-collectors-restconf | org.apache.tomcat.embed : tomcat-embed-core : 8.0.36 | The ResourceLinkFactory class of Apache Tomcat is vulnerable to Authorization Bypass. The {{addResourceLink() and}}removeResourceLink(){{methods of the}}NamingContextListener` class allows the ability to modify unauthorized resource links on global JNDI resources not linked to the web application. | Upgrade to 8.5.35 |