Control-M/Agent 9.0.21.200 for UNIX and Microsoft Windows is bundled with Node.js 18.18.0. Do the following CVEs impact Control-M/Agent?

HIGH: CVE-2023-6378
HIGH: CVE-2023-38552
MEDIUM: CVE-2022-36046
HIGH: CVE-2024-27980 (CVE-2024-36137, CVE-2024-22018, CVE-2024-37372, CVE-2024-22020)

For CVE-2022-36046, Control-M/Agent is not impacted because it does not use Next.js.

For CVE-2023-6378, Control-M/Agent is not impacted because it does not use a receiver component.

For CVE-2023-38552 and CVE-2024-27980, follow the procedure below and upgrade Node.js to a version that has fixed CVE-2023-38552 and CVE-2024-27980 (including the following: CVE-2024-36137, CVE-2024-22018, CVE-2024-37372, CVE-2024-22020).

Procedure to upgrade the embedded Node.js in Control-M/Agent

1. Back up the node path location contents before you make any changes.
2. Download Node.js for the required OS from https://nodejs.org/download/release

For the upgrade:

Step 1 - Download the attached upgradeNode.jar.
Step 2 - Verify that JAVA_HOME points to Java 8 or later.
Step 3 - Run the command:

    java -jar upgradeNode.jar -path [node path location]

To upgrade a specific location, add -d; otherwise the default location is upgraded:

    java -jar upgradeNode.jar -path [node path location] -d [destination path where the node will be upgraded]
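The backup step and the Java version check above can be scripted before upgradeNode.jar is run. The following is an added example, not part of the vendor procedure or of upgradeNode.jar; it also checks the downloaded archive against a checksum file, which the procedure does not list. Assumptions: the function names are hypothetical, the SHASUMS256.txt file from the same nodejs.org release directory has been saved next to the archive, and sha256sum or shasum is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks before running upgradeNode.jar.
# Function names are hypothetical; paths are supplied by the caller.

# Map a Java version string to its major number. Java 8 and earlier
# report "1.8.0_392"; Java 9 and later report "17.0.9".
java_major() {
    v=$1
    case $v in 1.*) v=${v#1.} ;; esac
    printf '%s\n' "${v%%[!0-9]*}"
}

# Major version of the JVM that JAVA_HOME points to ("java -version"
# writes to stderr).
java_home_major() {
    ver=$("$JAVA_HOME/bin/java" -version 2>&1 |
        sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1)
    java_major "$ver"
}

# SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{ print $1 }'
}

# Check a downloaded archive against the SHASUMS256.txt taken from the
# same release directory. Returns 0 on match, 1 on mismatch, 2 if unlisted.
verify_node_archive() {
    name=$(basename "$1")
    want=$(awk -v n="$name" '$2 == n { print $1 }' "$2")
    [ -n "$want" ] || return 2
    [ "$(sha256_of "$1")" = "$want" ]
}

# Step 1: copy the node path contents to a timestamped sibling directory
# and print the backup location.
backup_node_path() {
    src=${1%/}
    dest="$src.bak.$(date +%Y%m%d%H%M%S)"
    cp -Rp "$src" "$dest" && printf '%s\n' "$dest"
}

# Typical order: backup_node_path, verify_node_archive, then confirm
# [ "$(java_home_major)" -ge 8 ] before "java -jar upgradeNode.jar ...".
```

Java 8 identifies itself as 1.8.x, so comparing the first number of the version string against 8 would wrongly reject it; java_major handles that case.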