CA Service Management

 View Only
  • 1.  Oracle Java SE Risk on SDM 17.3 at 17 Enero 2023

    Posted 12 days ago
    Good afternoon Comunnity,

    Actually we have a report about a vulnerability in JAVA, see this link:

    https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA

    CVE-2022-43548

    CVE-2023-21835

    CVE-2023-21830

    CVE-2023-21843


    ¿SDM 17.3 will there be a patch to fix it?, please let me know about that and I'm waiting for responses, thanks!


  • 2.  RE: Oracle Java SE Risk on SDM 17.3 at 17 Enero 2023

    Broadcom Employee
    Posted 12 days ago
    I would strongly recommend opening a Broadcom Support Case for this vulnerability.

    When opening the Support Case, make sure to provide the following:

    1.  Copy of the Vulnerability report
    2.  ENV.INFO and NX.ENV files from the SDM server
    3.  Are there other Broadcom solutions other than SDM that you have found this vulnerability on?

    ------------------------------
    Paul Coccimiglio
    [JobTitle]
    [CompanyName]
    ------------------------------



  • 3.  RE: Oracle Java SE Risk on SDM 17.3 at 17 Enero 2023

    Posted 12 days ago
    Thanks for the prompt response, we will proceed to open the case, as the report is done for java applications in general, we currently use SDM, EEM and CA Process Automation.