Solved

Security Advisories CV_2023_11_1 - Resolution for builds prior to 11.28?

  • 13 November 2023
  • 4 replies
  • 348 views

Checking out Security Vulnerability and Reporting site:

https://documentation.commvault.com/2023e/essential/146231_security_vulnerability_and_reporting.html

 

I see an entry for:

CV_2023_11_1: Remote Code Execution Vulnerability in Apache ActiveMQ

 

along with a resolution recommending upgrading to the Maintenance Release builds of 11.32.83, 11.30.64, and 11.28.83.

 

Just wondering, what about the earlier builds such as 11.24? 

Does the security vulnerability affect these earlier builds?

If it does, then what should be the recommended Maintenance Release build for 11.24?

Best answer by Albert Williams 14 November 2023, 00:19

4 replies

Badge +5

It looks like the site:

https://documentation.commvault.com/2022e/essential/146231_security_vulnerability_and_reporting.html

 

has been updated to indicate that 11.24.125 is the fix.

This thread can be closed.

Userlevel 6
Badge +14

Hello @JSNOPUD 

Thanks for the great question!

Looking at our internal system I can see that SP24 and SP20 both have a scheduled build that is queued for creation.

For me to get more details around an ETA as to when it may be available I will need to create an official Dev escalation and that would require a support case with your CSDB attached to it.

I’m sorry I cannot provide further details but it does seem it has not been forgotten, just lower on the action list as the bulk of current customers are on FR28 and above and how close FR20 is to out of support.

Badge +5

Thanks for the reply, @Albert Williams 

 

Perhaps for reference purposes, this site contains a list of hotfixes for Maintenance Release for 11.28:

https://documentation.commvault.com/2022e/expert/assets/service_pack/updates/11_28_91.htm

 

Do you know which hotfixes address the resolution of CV_2023_11_1?

 

I can then cross-reference with the Maintenance Release for 11.24 at:

https://documentation.commvault.com/2022e/expert/assets/service_pack/updates/11_24_131.htm

 

to see if the fix for 11.24 has been added, by Issue description if the hotfix number is different.

 

Badge +5

Just wondering if this site will be expanded:

https://documentation.commvault.com/2023e/essential/146231_security_vulnerability_and_reporting.html

 

to include the Maintenance Release build for 11.24.
