
Teamwork Cloud/Magic Collaboration Studio

| Library | Old version | New version | CVEs addressed |
|---|---|---|---|
| Logback | 1.2.11 | 1.5.3 | CVE-2023-34478, CVE-2023-6378 |
| Jackson | 2.14.12 | 2.17.0 | CVE-2023-35116 |
| Guava | 31.1 | 33.2.1 | CVE-2023-2976, CVE-2020-8908 |
| Graphite metrics | 4.2.7 | 4.2.25 | CVE-2023-46120 |
| Zookeeper | 3.6.3 | 3.9.2 | CVE-2023-44981, CVE-2024-23944 |
| Shiro | 1.11.0 | 1.13.0 | CVE-2023-46749, CVE-2023-46750 |
| JSON | 20230227 | 20240303 | CVE-2023-5072 |
| SnakeYaml | 1.33 | 2.2 | CVE-2022-1471 |
| Netty | 4.1.87.Final | 4.1.110.Final | CVE-2023-44487, CVE-2023-34462, CVE-2024-29025 |
| Jetty | 9.4.48 | 9.4.54 | CVE-2023-36478, CVE-2023-44487, CVE-2023-26048, CVE-2023-26049, CVE-2023-40167, CVE-2023-36479, CVE-2023-41900 |
| ElasticSearch | 7.17.1 | 7.17.21 | CVE-2023-46674, CVE-2023-31418, CVE-2023-31419, CVE-2023-46673 |
| Spring Web | 5.3.27 | 5.3.36 | CVE-2024-22262, CVE-2024-22259, CVE-2024-22243 |
| Nimbus JOSE+JWT | 9.31 | 9.40 | CVE-2023-52428, CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2023-51775, CVE-2023-33202, CVE-2023-33201, CVE-2023-31582 |
| Bouncy Castle Provider | 1.70 | 1.78.1 | CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2023-33202, CVE-2023-33201 |

Other Vulnerabilities

| Name | CVE addressed | Remediation |
|---|---|---|
| Teamwork Cloud / Magic Collaboration Studio | CVE-2023-3589 | To enable CSRF protection, uncomment the esi.dm.csrf.allowed-addresses property in the Teamwork Cloud application.conf file. |

```
esi.dm {
    # Enable to turn on CSRF protection. This will block all incoming REST API requests, except those, coming from specified
    # IP addresses. List of strings, allowed IP must begin with specified string.
    # csrf.allowed-addresses = ["127.0.0.1", "0.0.0"]
}
```

Cameo Simulation Toolkit / Magic Model Analyst


| Library | Old version | New version | CVEs addressed |
|---|---|---|---|
| Jetty | 9.4.48 | 9.4.54 | CVE-2023-36478, CVE-2023-44487, CVE-2023-26048, CVE-2023-26049, CVE-2023-40167, CVE-2023-36479, CVE-2023-41900 |

Cameo DataHub


| Library | Old Version | New version | CVEs addressed |
|---|---|---|---|
| ant-nodeps | 1.8.1 | -- removed - | CVE-2020-1945 |
| derby | 10.15.2.0 | -- needed only for tests -- | CVE-2022-46337 |
| h2 | 2.1.210 | 2.2.224 ( has CVE-2018-14335 ) | CVE-2022-45868 |
| xstream | 1.4.19 | 1.4.20 | CVE-2022-40151, CVE-2022-40152, CVE-2022-41966 |

WebApps

| Library | Old version | New version | CVEs addressed |
|---|---|---|---|
| jython-standalone | 2.7.2 | 2.7.4a1.1-DEV | CVE-2020-8908 |
| bcprov-jdk15on | 1.70 | 1.78.1 | CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2023-33202, CVE-2023-33201 |
| Spring Security | 5.8.2 | 5.8.12 | CVE-2024-22257, CVE-2023-20862, CVE-2023-20863, CVE-2023-20861 |
| Spring Data for Apache Cassandra | 3.4.10 | 3.4.18 | CVE-2023-20863 |
| Apache Commons Codec | 1.15 | 1.17.0 | CVE-2020-15250 |
| Apache Commons Validator | 1.7 | 1.9.0 | CVE-2020-15250 |
| Spring | 5.3.33 | 5.3.36 | CVE-2024-22262, CVE-2016-1000027 |
| SLF4J | 2.0.12 | 2.0.13 | |
| commons-logging | 1.3.0 | 1.3.2 | CVE-2023-6378, CVE-2022-23307, CVE-2022-23305, CVE-2022-23302, CVE-2021-4104, CVE-2019-17571 |
| Jackson | 2.14.3 | 2.17.0 | |
| Artemis | 2.33.0 | 2.34.0 | CVE-2024-29133, CVE-2024-29131, CVE-2024-29025, CVE-2022-46337 |
| Zookeeper | 3.7.2 | 3.9.2 | CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2023-4586, CVE-2023-33202, CVE-2023-33201, CVE-2020-26939, CVE-2020-15522 |
| Logback | 1.4.14 | 1.5.6 | |
| jsoup | 1.15.3 | 1.15.4 | CVE-2023-26049, CVE-2023-26048 |
| thymeleaf | 3.1.1.RELEASE | 3.1.2.RELEASE | |
| caffeine | 3.1.2 | 3.1.8 | CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2023-33202, CVE-2023-33201, CVE-2022-41966, CVE-2022-40151, CVE-2022-1471 |

Modeling tools

| Library | Old version | New version | CVEs addressed |
|---|---|---|---|
| jtidy | r938 | 1.0.5 | CVE-2022-23307, CVE-2022-23305, CVE-2022-23302, CVE-2021-4104, CVE-2019-17571 |
| batik-all | 1.16 | 1.17 | CVE-2022-44730, CVE-2022-44729 |
| bcprov-jdk15on | 1.68 | 1.78 | CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2023-33202, CVE-2023-33201 |
| jython-standalone | 2.7.3 | 2.7.4a1.1-DEV | CVE-2020-8908 |
| jackson-annotations, jackson-core | 2.14.2 | 2.17.0 | CVE-2023-35116 |
| slf4j-api | 1.7.25 | (using provided from twc client) | |
| org.eclipse.emf.ecore.xmi | 2.18.0 | (using provided from twc client) | |
| org.eclipse.emf.common | 2.28.0 | (using provided from twc client) | |
| metrics-core | 3.2.2 | (using provided from twc client) | |
| metrics-graphite | 3.2.2 | (using provided from twc client) | |
| com.typesafe.config | 1.3.0 | (using provided from twc client) | |
| jackson-databind | 2.14.2 | (using provided from twc client) | |
| commons-compress | 1.21 | 1.26.1 | CVE-2024-25710, CVE-2024-26308 |