CA Service Management

 View Only
  • 1.  Oracle Java SE Risk on SDM 17.3 at 17 Enero 2023

    Posted Jan 23, 2023 12:50 PM
    Good afternoon Comunnity,

    Actually we have a report about a vulnerability in JAVA, see this link:

    https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA

    CVE-2022-43548

    CVE-2023-21835

    CVE-2023-21830

    CVE-2023-21843


    ¿SDM 17.3 will there be a patch to fix it?, please let me know about that and I'm waiting for responses, thanks!


  • 2.  RE: Oracle Java SE Risk on SDM 17.3 at 17 Enero 2023

    Broadcom Employee
    Posted Jan 23, 2023 01:23 PM
    I would strongly recommend opening a Broadcom Support Case for this vulnerability.

    When opening the Support Case, make sure to provide the following:

    1.  Copy of the Vulnerability report
    2.  ENV.INFO and NX.ENV files from the SDM server
    3.  Are there other Broadcom solutions other than SDM that you have found this vulnerability on?

    ------------------------------
    Paul Coccimiglio
    [JobTitle]
    [CompanyName]
    ------------------------------



  • 3.  RE: Oracle Java SE Risk on SDM 17.3 at 17 Enero 2023

    Posted Jan 23, 2023 02:09 PM
    Thanks for the prompt response, we will proceed to open the case, as the report is done for java applications in general, we currently use SDM, EEM and CA Process Automation.