May 31st, 2018 06:00
DSA-2018-096: Dell EMC NetWorker Virtual Backup Appliance Security Update for Jackson-Databind Vulnerability - Article Number 000521682
Can someone in the know @EMC tell us if this was fixed in NVE 9.2.1.3 or does it have to be applied with this separate, stand-alone package?
Details
Dell EMC NetWorker Virtual Backup Appliance embeds Jackson-Databind, which may allow unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization issue.
Resolution
The Dell EMC NetWorker Virtual Backup Appliance 1.5.1.7 update Charlie tar bundle addresses this vulnerability for Dell EMC NetWorker versions 9.0.x, 9.1.x, and 9.2.x.
Dell EMC recommends all customers to upgrade at the earliest opportunity.
Refer to the ReadMe available within the Dell EMC NetWorker Virtual Backup Appliance 1.5.1.7 update Charlie tar bundle for instructions on applying the update. Note that applying this update does not require a reboot or shutdown.
https://emcservice.force.com/CustomersPartners/kA3f100000003ibCAA
Thanks!