Skip to main content

Handling CVEs in third-party components

  • Updated

As third-party components, Apache Tomcat and Java are not managed by BOC directly in on-premise installations, your local IT team needs to ensure these dependencies are properly maintained and regularly updated.

Security vulnerabilities are frequently addressed through upstream patches by vendors, and in many cases, upgrading to a fixed release eliminates the issue.

Upon identifying a CVE (Common Vulnerabilities and Exposures) impacting the Apache Tomcat or Java version you are currently using, the primary mitigation step should be to confirm that your instance can be upgraded to an Apache Tomcat and Java version where this vulnerability is fixed.

Before upgrading, please ensure that your BOC Office Management Product supports the new Apache Tomcat or Java version as explained below.

 

What are the latest third-party components versions, my BOC Management Office Product supports?

You can always check the latest compatible version of your Apache Tomcat and Java version by switching to your product version on:

 

How can I update my third-party components?

Installing a new Apache Tomcat, requires migrating some settings and configurations from your previous webserver installation to your new one.

If further support is needed to move configuration, please consult your account manager or reach out via our BOC Group - Help Center

 

My Environment is hosted by BOC, what should I do?

If you are a BOC SaaS customer, our Cloud and Security specialists take care of an assessment of the disclosed vulnerability. Based on the actual risk, they schedule updates of Apache Tomcat and Java components on your SaaS account. You don't need to worry about anything; 3rd party component updates are handled for you, and you will be informed about the maintenance windows required for such updates.

Related articles