You are viewing the documentation for Blueriq 14. Documentation for other versions is available in our documentation directory.


| Identifier | Component | Issue | Solution |
|---|---|---|---|
| BQ-20832 | | | |
| BQ-20797 | Tomcat | The Tomcat server that was bundled with the Blueriq installer was vulnerable to CVE-2023-28709. | Tomcat has been updated to address the vulnerability. |
| BQ-20768 | Runtime | CVE-20873 was detected for Spring Boot. | Fixed by upgrading Spring Boot to the latest versions. |
| BQ-20749 | Studio | Various CVEs (CVE-2020-1045, CVE-2022-29117, CVE-2017-11770) were reported for the Studio backend, but none were applicable to the .NET version used by Blueriq. | Suppressed the specific CVEs. |
| BQ-20747 | Audit Consumer, Customer Data Service, DCM Dashboard, DCM Lists Service, Gateway, Runtime, Maintenance App | CVE-2023-33201 detected for bouncy-castle lower than 1.73. | Upgraded to version 1.76. |
| CSD-4853 | Audit Consumer, Customer Data Service, DCM Lists Service, Runtime, Maintenance App | CVE-2023-34034 was detected for Spring Security. | Blueriq is not affected by CVE-2023-34034 since we do not use '**' matchers and certainly not with Spring WebFlux. Nevertheless, we have upgraded the Spring dependencies to versions that are no longer affected by this CVE. |
