Informatica Blaze security issues because of old version of Jetty library
Problem Description
Blaze job monitor displays the following line at the bottom: “Powered by Jetty:// 9.3.9.v20160517”

Based on this version string, the Jetty release appears to be more than 3 years old, and several vulnerabilities have been reported against it.

Vulnerabilities:

CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536, CVE-2018-12538

Newer versions of Jetty have these vulnerabilities addressed.
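The version check described above can be scripted. The following is an added example, not Informatica's or Jetty's code: it parses the footer string quoted in this article, and also the `Server: Jetty(...)` response-header form, which goes beyond what the article shows, then reports the build age. The sample page markup, the function names, and the baseline version are assumptions; the baseline is a placeholder to be replaced with the fixed version from the Jetty advisories.

```python
import re
from datetime import date

# Matches the footer form quoted in the article ("Powered by Jetty:// 9.3.9.v20160517")
# and the Server-header form ("Jetty(9.3.9.v20160517)").
BANNER_RE = re.compile(
    r"Jetty(?:://\s*|\()(\d+)\.(\d+)\.(\d+)\.v(\d{4})(\d{2})(\d{2})"
)

def parse_jetty_banner(text):
    """Return ((major, minor, patch), build_date), or None if no valid banner is found."""
    m = BANNER_RE.search(text)
    if not m:
        return None
    major, minor, patch, year, month, day = (int(g) for g in m.groups())
    try:
        built = date(year, month, day)  # the vYYYYMMDD suffix is the build date
    except ValueError:
        return None  # malformed date stamp: treat as no usable banner
    return (major, minor, patch), built

def assess(text, today, min_version, max_age_days=3 * 365):
    """Flag a banner whose version is below min_version or whose build is too old."""
    parsed = parse_jetty_banner(text)
    if parsed is None:
        return {"found": False}
    version, built = parsed
    age = (today - built).days
    return {
        "found": True,
        "version": ".".join(map(str, version)),
        "built": built.isoformat(),
        "age_days": age,
        "below_baseline": version < min_version,
        "stale": age > max_age_days,
    }

# Constructed sample: hypothetical markup around the footer text quoted in the article.
SAMPLE_PAGE = '<div class="footer">Powered by Jetty:// 9.3.9.v20160517</div>'
# Placeholder baseline, NOT a confirmed fixed version: take the real one from the Jetty advisories.
PLACEHOLDER_BASELINE = (99, 0, 0)

if __name__ == "__main__":
    print(assess(SAMPLE_PAGE, date(2019, 11, 18), PLACEHOLDER_BASELINE))
```

The reference date in the sample run is this article's last-modified date; in practice pass `date.today()`.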
Cause
The Blaze job monitor currently uses Jetty library version 9.3.9.

The vulnerabilities are reported in the third-party Jetty library, which is used in the Blaze monitor.

Version of Jetty library: 9.3.9

Vulnerabilities:
CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536, CVE-2018-12538

Solution
The next release of Informatica BDM, 10.4 (tentatively scheduled for Dec 2019), will include upgraded Jetty libraries in which these vulnerabilities are addressed.
More Information
Applies To
Product: Data Engineering Integration (Big Data Management)
Problem Type: Security
User Type: Developer
Project Phase: Onboard
Last Modified Date: 11/18/2019 10:55 PM
ID: 589973