Skip to main content

Question

 Rahmat Juniawan Santoso (RahmatS8)
Pt Anabatic Technologies Tbk
Rahmat Juniawan Santoso
Pt Anabatic Technologies Tbk
ID
RahmatS8 Member since 2021 3 posts
Pt Anabatic Technologies Tbk
Posted: Oct 19, 2022
Last activity: Jan 12, 2023
Posted: 19 Oct 2022 3:59 EDT
Last activity: 12 Jan 2023 13:27 EST
Solved

Does pega use the Apache Common Text library?

Hi All,

Does pega use the Apache Common Text library?

Because I got info regarding this from Our IT Security Client "Vulnerability Advisory - CVE-2022-42889"

Please give feedback and suggestions.

Thank you. Rahmat  

To see attachments, please log in.
Pega Platform 8.1.3
Security
Consumer Services
System Architect
Support Case Created

  • Reply

Accepted Solution

Posted: 2 years ago
Updated: 2 years ago
Posted: 12 Jan 2023 13:26 EST
Updated: 12 Jan 2023 13:27 EST
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

 I can see that INC-246283 was resolved.

For CVE-2022-42889 Apache Commons Text vulnerability Apply HFIX-84506

The solution was to have it installed and commited on dt4 and stg1 and cloud team helped with the prod install. . 

To see attachments, please log in.
Posted: 2 years ago
Posted: 19 Oct 2022 4:51 EDT
Srinivas Bharat Komarina (KOMARINA)
Accenture
Senior System Architect
Accenture
GB

@RahmatS8 Hi, Greetings. Pega does not use commons-text directly however if you use tools like Pega-traceViewer, then this commons-text is used.

Regards,

Bharat

To see attachments, please log in.
Posted: 2 years ago
Posted: 19 Oct 2022 5:37 EDT
Rahmat Juniawan Santoso (RahmatS8)
Pt Anabatic Technologies Tbk
Rahmat Juniawan Santoso
Pt Anabatic Technologies Tbk
ID

@KOMARINA Hi Bharat,

Thanks for the quick response and explanation, but I have one question again related warning "Vulnerability Advisory - CVE-2022-42889",

so there is no significant impact from the pega side? I just want to make sure. Thank you, Rahmat

To see attachments, please log in.
Posted: 2 years ago
Updated: 2 years ago
Posted: 24 Oct 2022 12:18 EDT
Updated: 24 Oct 2022 12:32 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@RahmatS8  @DanielD4743  

I have checked internally with our support team as this question has been asked by other clients.  

We are analyzing the Apache Text vulnerability in Pega Platform to check if any patch is required at a product level.

https://blogs.apache.org/security/entry/cve-2022-42889

We will keep you updated on our analysis.  If you feel you have further questions, please log a support incident on the MSP and let us know the ticket number here to allow us to track it.

 

To see attachments, please log in.

Accepted Solution

Posted: 2 years ago
Updated: 2 years ago
Posted: 12 Jan 2023 13:26 EST
Updated: 12 Jan 2023 13:27 EST
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

 I can see that INC-246283 was resolved.

For CVE-2022-42889 Apache Commons Text vulnerability Apply HFIX-84506

The solution was to have it installed and commited on dt4 and stg1 and cloud team helped with the prod install. . 

To see attachments, please log in.
Posted: 2 years ago
Posted: 24 Oct 2022 11:28 EDT
Daniel Deusch (DanielD4743)
DB Systel GmbH
Pega CoE
DB Systel GmbH
DE

@KOMARINA  hi Bharat,

may I ask how do you know it is not used internally? On Pega 8.7.2, I can find on System-Runtime-Code entries from commons-text-1.6.jar archive.

Thanks in advance,

Daniel

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice