Netty Black Duck Scan issue for CA APM 10.7

Document ID : KB000074806
Last Modified Date : 28/03/2018
Question:
Planning an upgrade to CA APM 10.7 GA release. Recently we downloaded and ran Black Duck scans. We found two vulnerabilities:

BD Component Name    BD Component Version    BD KB Id    BD Release Id    Vulnerability    Severity    CVSS    Published Date

Netty - io.netty:netty-parent    4.0.26.Final    thenettyproject1639058    4690027    CVE-2015-2156    Medium    4.3    10/18/2017
Netty - io.netty:netty-parent    4.0.26.Final    thenettyproject1639058

How can I eliminate this?
Environment:
APM 10.7
Answer:
As a quick workaround for CVE-2016-4970 and CVE-2015-2156, all that has to be done is to manually replace netty-all-4.0.26.Final.jar with netty-all-4.0.37.Final.jar.

On my system, I found this file in C:\Program Files\CA APM\Introscope10.7.0.35\APMSqlServer\repo 

To download the jar file directly, click on http://central.maven.org/maven2/io/netty/netty-all/4.0.37.Final/netty-all-4.0.37.Final.jar
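The manual swap described above can be scripted so that the downloaded jar is hash-checked first (the link is plain HTTP) and every copy of the old jar is found, not only the one in APMSqlServer\repo. This is an added example, not CA-supplied code. The download location, backup directory and hash value are assumptions or placeholders, and it assumes an elevated prompt with the APM services stopped so the jar is not locked.

```powershell
# Added example: replace netty-all-4.0.26.Final.jar with a verified 4.0.37.Final jar.
# $NewJar, $BackupDir and $ExpectedSha256 are assumptions/placeholders; set them before use.
param(
    [string]$InstallRoot    = 'C:\Program Files\CA APM\Introscope10.7.0.35',  # path from the article
    [string]$NewJar         = "$env:USERPROFILE\Downloads\netty-all-4.0.37.Final.jar",
    [string]$ExpectedSha256 = '<SHA-256 of netty-all-4.0.37.Final.jar from a trusted source>',
    [string]$BackupDir      = "$env:TEMP\netty-backup"
)
$ErrorActionPreference = 'Stop'

# 1. Verify the downloaded jar before it goes anywhere near the install tree.
#    (-ne compares strings case-insensitively, so hex case does not matter.)
$actual = (Get-FileHash -Path $NewJar -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    throw "Hash mismatch for ${NewJar}: got $actual"
}

# 2. Find every copy of the old jar under the install root.
$old = Get-ChildItem -Path $InstallRoot -Recurse -File -Filter 'netty-all-4.0.26.Final.jar'
if (-not $old) {
    Write-Output 'No netty-all-4.0.26.Final.jar found.'
    return
}

# 3. Move each old jar to a backup outside the install tree (a renamed copy left
#    inside the tree can still be matched by a component scanner), then drop
#    the new jar into the same directory.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$i = 0
foreach ($jar in $old) {
    $i++
    Move-Item -Path $jar.FullName -Destination (Join-Path $BackupDir "$i-$($jar.Name)")
    Copy-Item -Path $NewJar -Destination (Join-Path $jar.DirectoryName 'netty-all-4.0.37.Final.jar')
    Write-Output "Replaced $($jar.FullName)"
}

# 4. Report any remaining Netty 4.0.26 jars that the next scan would flag.
$left = Get-ChildItem -Path $InstallRoot -Recurse -File -Filter 'netty*4.0.26*.jar'
foreach ($f in $left) {
    Write-Warning "Still present: $($f.FullName)"
}
```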