Skip to main content
commvault.com commvault.com
Solved

Security Advisories CV_2023_11_1 - Resolution for builds prior to 11.28?

  • November 13, 2023
  • 4 replies
  • 407 views
J
Byte
Forum|alt.badge.img+5

Checking out Security Vulnerability and Reporting site:

https://documentation.commvault.com/2023e/essential/146231_security_vulnerability_and_reporting.html

 

I see an entry for:

CV_2023_11_1: Remote Code Execution Vulnerability in Apache ActiveMQ

 

along with a resolution recommending upgrading to the Maintenance Release builds of 11.32.83, 11.30.64, and 11.28.83.

 

Just wondering, what about the earlier builds such as 11.24? 

Does the security vulnerability affect these earlier builds?

If it does, then what should be the recommended Maintenance Release build for 11.24?

Best answer by Albert Williams

Hello @JSNOPUD 

Thanks for the great question!

Looking at our internal system I can see that SP24 and SP20 both have a scheduled build that is queued for creation

For me to get more details around an eta as to when it may be available i will need to create an official Dev escalation and that would require a support case with your CSDB attached to it.

I’m sorry I cannot provide further details but it does seem it has not been forgotten, just lower on the action list list the bulk of current customers are on FR28 and above and how close FR20 is to out of support.

4 replies

J
Byte
Forum|alt.badge.img+5
  • JSNOPUD
  • Author
  • Byte
  • 18 replies
  • November 20, 2023

It looks like the site:

https://documentation.commvault.com/2022e/essential/146231_security_vulnerability_and_reporting.html

 

has been updated to indicate that 11.24.125 is the fix.

This thread can be closed.

J
Byte
Forum|alt.badge.img+5
  • JSNOPUD
  • Author
  • Byte
  • 18 replies
  • November 15, 2023

Just wondering if this site will be expanded:

https://documentation.commvault.com/2023e/essential/146231_security_vulnerability_and_reporting.html

 

to include the Maintenance Release build for 11.24.

J
Byte
Forum|alt.badge.img+5
  • JSNOPUD
  • Author
  • Byte
  • 18 replies
  • November 13, 2023

Thanks for the reply, @Albert Williams 

 

Perhaps for reference purposes, this site contains a list of hotfixes for Maintenance Release for 11.28:

https://documentation.commvault.com/2022e/expert/assets/service_pack/updates/11_28_91.htm

 

Do you know which hotfixes addresses the resolution of CV_2023_11_1?

 

I can then cross-reference with the Maintenance Release for 11.24 at:

https://documentation.commvault.com/2022e/expert/assets/service_pack/updates/11_24_131.htm

 

to see if the fix for 11.24 has been added, by Issue description if the hotfix number is different.

 

A
Vaulter
Forum|alt.badge.img+15
  • Albert WilliamsVaulter
  • Vaulter
  • 645 replies
  • Answer
  • November 13, 2023

Hello @JSNOPUD 

Thanks for the great question!

Looking at our internal system I can see that SP24 and SP20 both have a scheduled build that is queued for creation

For me to get more details around an eta as to when it may be available i will need to create an official Dev escalation and that would require a support case with your CSDB attached to it.

I’m sorry I cannot provide further details but it does seem it has not been forgotten, just lower on the action list list the bulk of current customers are on FR28 and above and how close FR20 is to out of support.

The best way to learn anything, is to question everything


Terms & ConditionsCookie settingsAccessibility statement