IBM Support

Change History of Monitoring Agent for SAP NetWeaver Java Stack

Product Readmes


Abstract

Change History of Monitoring Agent for SAP NetWeaver Java Stack

Content

Product version Release date Agent version What’s new
APM V8.1.4.0.21 March 2024 8.24.03.00
  • Upgraded SAP NetWeaver Java Stack agent to the latest toolkit build, 7.3.0.17.0
  • Added Windows Server 2016, Windows Server 2019, and Windows Server 2022 support for the toolkit.
Fixed the following vulnerability issue:
  • CVE-2023-3635 : Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip buffer, a remote attacker could exploit this vulnerability to cause a denial of service
APM V8.1.4.0.20 May 2023 8.23.05.00
  • Upgraded SAP NetWeaver Java Stack agent to the latest toolkit build, 7.3.0.16.0
Fixed the following vulnerability issues:
  • CVE-2021-36373: When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
  • CVE-2020-1945: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
  • CVE-2012-2098: Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
  • CVE-2020-11979: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
  • CVE-2021-36374: When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
  • CVE-2019-0205: In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.
  • CVE-2022-25647: The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
  • CVE-2019-9740 (For Unix and Linux OS only): An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
  • CVE-2016-4000 (For Unix and Linux OS only): Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
APM V8.1.4.0.19 November 2022 8.22.07.00
  • Added support for Red Hat Enterprise Linux (RHEL) 9.0 on x86_64 Operating System
CP4MCM 2.3.0.2 August 2022 08.22.07.00
  • Added support for AIX 7.3 Operating System
  • Added support for Red Hat Enterprise Linux (RHEL) 9.0 on x86_64 Operating System
APM V8.1.4.0.18 April 2022 08.22.04.00
  • Added support for Windows Server 2022 Operating System (Datacenter and Standard editions)
  • Added support for AIX 7.3 Operating System
CP4MCM 2.3.1 January 2022 08.22.01.00
  • General improvements in agent
  • Added support for Windows Server 2022 Operating System (Datacenter and Standard editions)
APM V8.1.4.0.17 October 2021 08.21.09.00
  • General improvements in APM agent.
CP4MCM 2.2 December 2020 08.20.11.00
  • General improvements in agent.
  • The ICAM Agent now supports SAP NETWEAVER 7.5 Application Server Java  SPS 018 and SPS 019.
CP4MCM 2.0 August 2020 08.20.08.00
  • General improvements in agent.
  • The ICAM Agent now supports Transaction Tracking for applications deployed on SAP NETWEAVER Java Stack Application Server.
  • The ICAM Agent now supports SAP NETWEAVER 7.5 Application Server Java  SPS 017.
APM V8.1.4.0.12 June 2020 08.20.06.00
  • General improvements in APM agent.
APM V8.1.4.0.11 ICAM 2020.1.0 March 2020 08.20.03.00
  • General improvements in APM agent.
  • The ICAM and APM Agent both now support SAP NETWEAVER 7.5 Application Server Java  SPS 016.
  • Added Golden Signals- Latency, Saturation, Traffic and Error for the SAP Netweaver JAVA instance for ICAM Agent.
APM V8.1.4.0.9 ICAM 2019.3.0 September 2019 08.19.09.00
  • General improvements in APM agent.
  • Introducing SAP NetWeaver Java Stack Agent on ICAM.
V8.1.4.0.8 June 2019 08.19.06.00
  • The Agent now supports Red Hat Enterprise Linux (RHEL) 8 on x86-64 (64 bit) platforms.
  • The Agent now supports SUSE Linux Enterprise Server (SLES) 15 on x86-64 (64 bit) platform.
  • The Agent now supports Windows Server 2019 DE and SE (64 bit) platforms.
  • The Agent now supports Windows Server 2016 DE and SE (64 bit) platforms.
V8.1.4.0.4 July 2018 01.00.05.00
  • General improvements.
V8.1.4.0.3 April 2018 01.00.04.00
  • The agent supports Spring Boot Applications.
V8.1.4.0.1 December 2017 01.00.03.00
  • The agent can now restore the SAP NetWeaver Application Server instance.
V8.1.4 August 2017 01.00.02.00
  • The agent is available in the Advanced Extension Pack (on premises).
  • General improvements.
V8.1.3.2 April 2017
(SaaS only)		 01.00.01.00
  • Data sets, group widgets, and pages are added to collect and view the transaction tracking and diagnostics data.
  • The agent can now be installed and configured on Windows 2016 systems.
V8.1.3.1 September 2016
(SaaS only)		 01.00.00.00
  • The agent is available in the Advanced Extension Pack.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSVJUL","label":"IBM Application Performance Management"},"Component":"Monitoring Agent for SAP NetWeaver Java Stack","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]

Document Information

Modified date:
22 March 2024

UID

ibm10880555

Page Feedback