
Hi,

 

We recently were discussing a few security concerns for one of our customers.

Now there is a specific file located on the CS:

/webconsole/common/bootstrap/javascripts/bootstrap.min.js Bootstrap 3.3.6

This seems to be deprecated by the provider and is giving a high priority alert.

 

However, I do not see this listed in the https://documentation.commvault.com/11.26/expert/146231_security_vulnerability_and_reporting.html

 

As far as I see, I do not see that this is updated on their system (currently 24.34.).

 

Could you provide us with an idea of when this will be upgraded through Commvault?


 

Kind regards,


Thos Gieskes.

Hi Thos,

 

 The dev team is aware of this vulnerability and is working towards migrating it to Command Center with an updated version. If you were so inclined you can set an additional setting on the Web Console machine which would block access (as configured) thus mitigating risk:

 

Name: webconsoleRequestWhiteList

Path: WebConsole

Type: String

Value: .^ 

 

 Note the value is a period followed by caret symbol. I hope this helps, if you’d like more formal information surrounding timelines I’d suggest a support case be opened.

 

Kind regards,

Vance Sicherman

Commvault Support


Hi @Vsicherman,

 

Thank you for the provided answer, we have added the above setting in the meantime.

Do you have an ETA for when the change will be made by DEV?

 

Kind regards,

 

Thos Gieskes


Hi @Thos Gieskes,

 

 Afraid I don’t have specifics on the upgradation of the bootstrap file. I’d suggest a case be opened with support for more concrete and visible tracking.

 

Kind regards,

Vance Sicherman

Commvault Support
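
To track whether a later update actually replaces the bundled file that the scanner flagged, a small inventory script can read the version banner from every Bootstrap copy under an install directory. This is an added example, not part of the thread and not Commvault code; the install root and the minimum acceptable version are assumptions supplied by whoever runs it.

```python
import os
import re

# Banner that Bootstrap's build writes at the top of its distributed JS files,
# e.g. "Bootstrap v3.3.6 (http://getbootstrap.com)".
BANNER = re.compile(rb"Bootstrap v(\d+)\.(\d+)\.(\d+)")


def bootstrap_version(path, head_bytes=1024):
    """Return (major, minor, patch) parsed from the file banner, or None."""
    with open(path, "rb") as fh:
        m = BANNER.search(fh.read(head_bytes))
    return tuple(int(g) for g in m.groups()) if m else None


def inventory(root, minimum):
    """Walk root and list every bootstrap*.js copy with its version.

    Returns (relative_path, version, flagged) tuples sorted by path. A file
    without a banner gets version None and is flagged, because a copy that
    cannot be identified still needs a manual look.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.startswith("bootstrap") and lower.endswith(".js"):
                full = os.path.join(dirpath, name)
                ver = bootstrap_version(full)
                flagged = ver is None or ver < minimum
                findings.append((os.path.relpath(full, root), ver, flagged))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    import sys
    # Arguments (both assumptions of this example): <install_root> <x.y.z>
    root, minimum = sys.argv[1], tuple(int(p) for p in sys.argv[2].split("."))
    for rel, ver, flagged in inventory(root, minimum):
        shown = ".".join(map(str, ver)) if ver else "unknown"
        print(f"{'FLAG' if flagged else 'ok  '} {shown:10} {rel}")
```

Running it before and after each maintenance release shows whether the reported version changed, which is useful evidence to attach to a support case.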