Skip to main content

Hello.

These are two technical questions, my colleague in charge of security is receiving a notification of a vulnerability in Apache, the following:

CVE-2023-46604: Apache ActiveMQ OpenWire Transport Remote Code Execution Vulnerability

And he has the doubt if this also affects Python.

And the second question is that we have three versions of python installed on the server where commvault is hosted: python 3.6; Python 3.9 and python 3.11.
Are all three essential for commvault to work or can we uninstall two and keep only the one that the console is using?

Hi @David Castro ,

 

Could you let us know which version you are running please?

CVE-2023-46604 should have been addressed in FR28.95 and FR32.32

If you are running a version older than FR28 I would strongly suggest to upgrade to ensure you are on a supported version.

As for Python, I seem to remember new Feature Releases are included Python embedded into them and we don’t need a separate installation of them, but don’t quote me on that.

Should you need to update the version of python on the CS, you could follow the next kb article;

https://kb.commvault.com/article/69232


As Javier mentioned, with newer up Feature Releases (11.28+) kept up-to-date we do not use “externally” installed Python, but only it embedded version located in cvpython folder.

So whatever is installed can be removed assuming, again, that commserve is running fairy new Maintenance Release.


Thanks for the help.


Reply