Solved

.Net vulnerability

  • 20 March 2023
  • 5 replies
  • 1198 views

Badge +3

Hi Team,

I can see below .NET related vulnerability.

Can you please let me know, if .NET update will impact Commvault backup server and media agents ?

Microsoft CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability
Microsoft CVE-2020-1046: .NET Framework Remote Code Execution Vulnerability
Microsoft CVE-2020-1147: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
Microsoft CVE-2021-24111: .NET Framework Denial of Service Vulnerability
Microsoft CVE-2022-26832: .NET Framework Denial of Service Vulnerability
Microsoft CVE-2020-1108: .NET Core & .NET Framework Denial of Service Vulnerability
Microsoft CVE-2022-21911: .NET Framework Denial of Service Vulnerability
Microsoft CVE-2022-41064: .NET Framework Information Disclosure Vulnerability
Microsoft CVE-2023-21722: .NET Framework Denial of Service Vulnerability
Microsoft CVE-2023-21808: .NET and Visual Studio Remote Code Execution Vulnerability
Microsoft CVE-2022-41089: .NET Framework Remote Code Execution Vulnerability
Microsoft CVE-2020-16937: .NET Framework Information Disclosure Vulnerability
Microsoft CVE-2022-30130: .NET Framework Denial of Service Vulnerability
Microsoft CVE-2020-1476: ASP.NET and .NET Elevation of Privilege Vulnerability

 

icon

Best answer by Damian Andre 21 March 2023, 04:44

View original

5 replies

Userlevel 7
Badge +23

Hey @Ajinkya,

 

You are all good to install the .net updates - minor version updates are also ok. The only component that is really sensitive to .net version is the webserver on the CommServe which requires Microsoft .NET Framework 4.6.2 and .NET Core 6.0.1 for release 2022E (11.28). If you install through windows update it will patch the current version, so all good.

Badge +3

Hello @Damian Andre,

Thank you for the ans.

Badge +3

Hi all

I’m running Version 11 SP16 ,didn't configured webserver for commvault,will be effected if upgrade from Microsoft ASP.NET Core 2.1.5 to latest version to fix vulnerability.Thank you

Userlevel 4
Badge +14

May I ask if updating .net to 4.8.1 on the Commserve would be problematic?

Badge

I have .NET Core 6.0.1 for release 2022E (11.28) on my CommServer, but my security team wants me to upgrade to .NET Core 6.0.22.  I would like to know if is ok to upgrade.

Reply