IBM Support

Change History of Monitoring Agent for Weblogic

Product Readmes


Abstract

Change History of Monitoring Agent for Weblogic

Content

Product version Release date Agent version What’s new
APM V8.1.4.0.21 March 2024 08.24.03.00
Fixed the following issues:
  • CVE-2022-4065: cbeust testng could allow a remote authenticated attacker to traverse directories on the system, caused by improper archive file validation by the testngXmlExistsInJar function in JarFileUtils.java. An attacker could use a specially-crafted archive file containing "dot dot" sequences (/../) to execute arbitrary code on the system.
  • IBM X-Force ID: 221124: JCommander could allow a remote attacker to obtain sensitive information, caused by the use of HTTP to resolve dependencies instead of HTTPS. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
APM V8.1.4.0.20 May 2023 08.23.05.00
  • Added support for RHEL 9 x86_64 Operating System
  • Added support for Windows Server 2022 (Datacenter and Standard editions)
Fixed the following vulnerability issues:
  • CVE-2021-36373: When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
  • CVE-2020-1945: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
  • CVE-2012-2098: Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
  • CVE-2020-11979: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
  • CVE-2021-36374: When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
  • CVE-2015-3253: The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
  • CVE-2016-6814: When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.
  • CVE-2020-17521: Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
APM V8.1.4.0.11 Nov 2021 08.21.07.00
  • Added support for WebLogic Server 14c
APM V8.1.4.0.11 Mar 2020 08.20.03.00
  • Added ILMT support.
  • Defect fixed.
ICAM 2019.4.0 December 2019 08.14.05.17
  • Added ICAM support.
APM V8.1.4.0.3 April 2018 08.14.01.00
  • Transaction tracking and deep-dive diagnostics are enabled on AIX – Previously these features were only enabled on Linux and Windows.
  • The Request Summary drill-down for servlets that are implemented with annotations for transaction tracking and deep-dive diagnostics is enhanced.
APM V8.1.4 August 2017 08.14.00.00
  • Transaction tracking and deep-dive diagnostics were added to the agent in the Advanced Agents offering on Linux and Windows.
APM V8.1.3.2 April 2017 08.13.02.00
  • Fixed help files for Brazilian Portuguese.
V8.1.3 April 2016 08.13.00.00
  • New agent available.
 


Document Information

Modified date:
22 March 2024

UID

ibm10882252