Article - CS225391
Vulnerability Affecting the Apache Commons Collections Library in Servigistics Products
Modified: 17-Dec-2015
Applies To
- Service Suite (formerly 4CS) 4.3 F000
- Servigistics Field Service Management 9.4.7 to 11.1
- Service Knowledge and Diagnostics 5.2 to 5.7
- Servigistics Service Network Management 10.7.1.1 to 11.1.1
- Servigistics Service Parts Pricing 9.5 to 11.1
- Servigistics Service Parts Management 9.4.3 to 11.1.2
- Servigistics Knowledge and Diagnostics 4.x
Description
- A vulnerability has been reported in the Apache Commons Collections Library (ACC), documented here: https://www.kb.cert.org/vuls/id/576313
- Servigistics Products bundle ACC version 3.2.1
- PTC does not recommend that customers attempt to remove the affected .jar from their systems, as this may affect out-of-the-box functionality
- ACC version 3.2.2 has been released to mitigate the vulnerability by disabling the insecure functionality:
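A read-only inventory check for the bundled library described above, added here as an example and not part of the PTC article or any PTC tooling: it walks an installation directory, looks inside .jar/.war/.ear files (including nested ones) for the ACC 3.x package, and compares each copy's version with 3.2.2. It assumes each jar's manifest carries an `Implementation-Version` entry; the function names are illustrative.

```python
import io
import os
import re
import zipfile

FIXED = (3, 2, 2)  # ACC release carrying the mitigation, per the article
PKG = "org/apache/commons/collections/"  # ACC 3.x package; 4.x uses collections4/
ARCHIVES = (".jar", ".war", ".ear")

def manifest_version(zf):
    """Implementation-Version from the archive's manifest, or None."""
    try:
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    m = re.search(r"(?im)^Implementation-Version:\s*(\S+)", text)
    return m.group(1) if m else None

def classify(version):
    """'affected' below 3.2.2, 'fixed' otherwise, 'unknown' if unparseable."""
    try:
        parts = tuple(int(p) for p in version.split("."))
    except (AttributeError, ValueError):
        return "unknown"
    return "affected" if parts < FIXED else "fixed"

def scan_archive(source, label, findings):
    """Inspect one archive (path or file object) and archives nested in it."""
    try:
        zf = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        return  # not a readable archive; skip it
    with zf:
        names = zf.namelist()
        if any(n.startswith(PKG) for n in names):
            version = manifest_version(zf)
            findings.append((label, version, classify(version)))
        for n in names:
            if n.lower().endswith(ARCHIVES):
                scan_archive(io.BytesIO(zf.read(n)), label + "!/" + n, findings)

def scan_tree(root):
    """Walk root; list each bundled ACC 3.x copy as (location, version, status)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files):
            if path.lower().endswith(ARCHIVES):
                scan_archive(path, path, findings)
    return findings
```

Call `scan_tree()` with the product's installation directory. The version is taken from the manifest of the archive that contains the package, so a repackaged jar may report a version that is not ACC's own, and a missing or non-numeric value is reported as `unknown`.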