What fixes are in APM 10.7 hotfix 7

Document ID : KB000105891
Last Modified Date : 10/07/2018
Question:
What fixes are included in 10.7 hotfix 7 that supersedes hotfix 6?
Environment:
APM 10.7
Answer:
Affected components = EM, WV, WS, APMSqlSrv, Postgrs, ACC

NOTE: This is a cumulative hotfix and includes all fixes in previous 10.7 hotfixes.

[Fixed Issues]:

DE354396: 00994619-Open Source Blackduck Vulnerabilities
DE300305: 00772370 - Common Vulnerabilities and Exposures (CVE) security threat
DE359094: CVE-2016-5007 (APMSqlServer) - spring-core-3.2.18.RELEASE.jar and spring-aop-3.2.18.RELEASE.jar reported against APM 10.7 using Black Duck
DE359087: CVE-2016-9878, CVE-2016-5007 (APMSqlServer) - spring-core-3.2.16.RELEASE.jar reported against APM 10.7 using Black Duck
DE358676: 01061287-INFLUENCE OF CVE-2018-1273: RCE with Spring Data Commons
DE316022: PostgreSQL security vulnerabilities reported by JPMC: CVE-2014-3660, CVE-2013-2877, CVE-2013-0339, CVE-2016-1684, CVE-2015-7995, CVE-2016-1683
DE359803: Security vulnerabilities in PostgreSQL-9.6.2/pgAdmin 4 - xmllib.py, pct_warnings.py, _compat.py, testapp.py (CVE-2013-7459 is HIGH and 5 MEDIUM vulnerabilities)
DE354641: CVE-2017-7525 (WebView) - jackson-databind reported against APM 10.7 using Black Duck Scan (00986299) - HIGH
DE266666: CVE fixes for APMSQL Server
DE351113: CVE-2017-8046 - RCE in PATCH requests in Spring Data REST
DE354864: Update Jackson Json to latest patch version to fix CVE-2017-7525
DE352441: 00986299-Black Duck Scan issue for CA APM 10.7
Additional Information:
To obtain a copy of this HOTFIX contact CA Support.