CA Service Management

  • 1.  CVE-2024-24549 - What is mandatory to solve this Vulnerability in CA SDM TOMCAT

    Posted Oct 29, 2024 04:57 PM

    CVE ISSUE (CVE-2024-24549 and CVE-2023-46589)

    I have CA Service Management version 17.4.1 AND Tomcat 9.0.71

    I double checked the latest updates from CA (V17.4.3) and apparently they are not currently addressed. Are there any workarounds OR a scheduled release/fix for this?



  • 2.  RE: CVE-2024-24549 - What is mandatory to solve this Vulnerability in CA SDM TOMCAT

    Broadcom Employee
    Posted Oct 29, 2024 06:41 PM

    Lucas........

    If the remediation of the mentioned vulnerabilities is to upgrade Tomcat, you can follow the published documentation to upgrade to any Tomcat 9.x version:

    https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-4/upgrade-to-ca-service-management-17-4/upgrading-to-ca-service-desk-manager-17-4/install-and-configure-apache-tomcat.html

    Hope that this information helps.



    ------------------------------
    Paul Coccimiglio
    ------------------------------



  • 3.  RE: CVE-2024-24549 - What is mandatory to solve this Vulnerability in CA SDM TOMCAT

    Posted Oct 30, 2024 07:33 AM

    There is a section in the document that mentions:
    "We reserve the right to refuse support of new point releases should the reported problem require a major SDM rework or redesign in order to function properly."

    Given that, do you know if there are any known issues regarding stability and if there are, would I receive support? The document does mention a backup, but do you know if the rollback is a straightforward process?




  • 4.  RE: CVE-2024-24549 - What is mandatory to solve this Vulnerability in CA SDM TOMCAT

    Broadcom Employee
    Posted Oct 30, 2024 10:01 AM

    Lucas.......

    We have not heard of any issues with upgrading to a newer version of Tomcat 9.x.

    The rollback would be either:

    1. Revert to the backup/snapshot prior to the Tomcat upgrade OR
    2. Revert to the original files modified as part of the documented process

    If you require additional information, please provide your Broadcom Site ID so we can open a Support Case on your behalf.



    ------------------------------
    Paul Coccimiglio
    ------------------------------



  • 5.  RE: CVE-2024-24549 - What is mandatory to solve this Vulnerability in CA SDM TOMCAT

    Posted Oct 30, 2024 10:41 AM

    Thanks Paul, that will suffice for the moment!