Multiple security vulnerabilities related to Amazon Corretto and jdk-8u412.

book

Article ID: 100073836

calendar_today

Updated On:

Description

Error Message

This may vary depending on the security scanner used to detect vulnerabilities.

Cause

This issue is due to vulnerable versions of Java installed with eDP.

Resolution

This issue is resolved by upgrading to eDP 10.3.1 as it ships with newer versions of Amazon Corretto Java that does not have any known security vulnerabilities.

As a result, they are not expected to be detected by any security scanners.

Issue/Introduction

Currently, eDP v10.2.7 is certified to work with Java SE Development Kit 8, update Amazon Corretto 1.8.0.412. Security scans resulted in numerous vulnerabilities for Amazon Corretto (Java) 1.8.0.412. These vulnerabilities detected are as follows: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21147, CVE-2024-21144, CVE-2024-21145, CVE-2024-21208, CVE-2024-21210, CVE-2024-21235, and CVE-2024-21217. The affected versions are 22.0.1, 21.0.3, 17.0.11, 11.0.23, 8u412, and earlier.

Additional Information

JIRA: CFT-7046

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"