[birt-report-engine-dev] Vulnerabilities in Eclipse BIRT jars

[birt-report-engine-dev] Vulnerabilities in Eclipse BIRT jars

Hi,

I am using Eclipse BIRT 3.7.2 runtime environment. While scanning its libraries, came across many high vulnerabilities in below three jars.

org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition_1.0.4.v201107221502.jar

org.eclipse.datatools.enablement.ibm.db2.luw_1.0.2.v201107221502.jar

Issues(CVE-2008-4692,CVE-2007-3676,CVE-2007-2582,CVE-2012-3324,CVE-2008-0699,CVE-2008-1998,CVE-2007-5652,CVE-2011-0731,CVE-2008-3958,CVE-2007-5090)

org.eclipse.datatools.enablement.mysql_1.0.2.v201109022323.jar

(Issues: CVE-2004-0836,CVE-2008-0226,CVE-2004-0835,CVE-2001-1454,CVE-2001-1274,CVE-2001-1275)

I scanned the latest version of BIRT 4.3.2 also but results are same. Please let me know do we have fix for any of these problems for these jars.

Thanks in Advance!

Ruchika

Follow-Ups:
- Re: [birt-report-engine-dev] Vulnerabilities in Eclipse BIRT jars
  - From: Paul Clenahan