  1. JOC - JobScheduler Operations Center
  2. JOC-1442

Upgrade commons-net to 3.9.0 due to 3rd Party vulnerability CVE-2021-37533


Details

    • Fix
    • Status: Released
    • Minor
    • Resolution: Fixed
    • 1.13.16, 2.5.0
    • 1.13.17, 2.5.1
    • None
    • None
    • CVE-2021-37533

    Description

      Current Situation

      JobScheduler 1.x Master, Agent and JOC Cockpit, as well as JS7 Agent are using the commons-net 3rd-party component. A vulnerability affects the version in use, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37533.
      We rate this vulnerability as minor, because a malicious server has to be configured explicitly as the target server to exploit the vulnerability.

      Desired Behavior

      All components should use commons-net 3.9.0 which fixes the issue.
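
One way to check an installation against the desired behavior, as an added example that is not part of the original issue or of the project's tooling: it scans a directory tree for commons-net jars and flags any below 3.9.0. It assumes the jars keep the Maven-style file name `commons-net-<version>.jar` and that `sort -V` is available; the directory argument is a placeholder for your own install path.

```shell
#!/bin/sh
# Added example (not project code): audit commons-net jar versions.
# Assumption: jars are named commons-net-<version>.jar (Maven convention).
# Assumption: sort supports -V (GNU coreutils, BusyBox, recent BSD/macOS).

FIXED_VERSION="3.9.0"   # first version that fixes CVE-2021-37533 per the issue

# version_lt A B: succeeds when version A sorts strictly before version B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify_jar PATH: prints "STATUS VERSION PATH" for one jar file.
classify_jar() {
    cj_ver="$(basename "$1" .jar)"
    cj_ver="${cj_ver#commons-net-}"
    case "$cj_ver" in
        [0-9]*)
            if version_lt "$cj_ver" "$FIXED_VERSION"; then
                echo "VULNERABLE $cj_ver $1"
            else
                echo "OK $cj_ver $1"
            fi ;;
        *)  # no version in the file name: needs manual inspection
            echo "UNKNOWN - $1" ;;
    esac
}

# audit_commons_net DIR: prints one line per jar found under DIR.
# Returns 1 if any jar is below FIXED_VERSION or has no readable version.
audit_commons_net() {
    acn_report="$(find "$1" -type f -name 'commons-net*.jar' | sort |
        while IFS= read -r acn_jar; do classify_jar "$acn_jar"; done)"
    if [ -n "$acn_report" ]; then
        printf '%s\n' "$acn_report"
    fi
    if printf '%s\n' "$acn_report" | grep -Eq '^(VULNERABLE|UNKNOWN) '; then
        return 1
    fi
    return 0
}

# Usage: audit_commons_net /path/to/installation   (placeholder path)
```

Copies of commons-net packed inside a WAR or another archive are not visible to a file-name scan and have to be checked separately.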

          People

            sp Santiago Aucejo Petzoldt
            sp Santiago Aucejo Petzoldt
            Kanika Agrawal Kanika Agrawal