Solved

Spring Framework < 5.3.40 / 6.0.x < 6.0.24 / 6.1.x < 6.1.13 Path Traversal (CVE-2024-38816)

Hi, is there a reference document to remediate this reported vulnerability?

 Path              : C:\Program Files\Commvault\ContentStore\MessageQueue\lib\optional\spring-core-5.3.39.jar
  Installed version : 5.3.39
  Fixed version     : 5.3.40

Thanks
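As an added example (not from this thread, and not Commvault's code), a small Python check that classifies spring-core jar file names against the fixed versions quoted in the finding title (5.3.40, 6.0.24, 6.1.13), so a reported path like the one above can be triaged before deciding between an upgrade and waiting on vendor advice:

```python
# Added example: triage spring-core jar versions against the fixed versions
# named in the CVE-2024-38816 finding (5.3.x -> 5.3.40, 6.0.x -> 6.0.24,
# 6.1.x -> 6.1.13). Anything in another branch is reported as "unlisted".
import re
from pathlib import Path

# Fixed version per affected branch, taken from the finding title.
FIXED = {(5, 3): (5, 3, 40), (6, 0): (6, 0, 24), (6, 1): (6, 1, 13)}

# Matches the jar name at the end of a path, whatever the path separator.
JAR_RE = re.compile(r"spring-core-(\d+)\.(\d+)\.(\d+)\.jar$", re.IGNORECASE)


def parse_version(path: str):
    """Return (major, minor, patch) from a spring-core jar path, or None."""
    m = JAR_RE.search(path)
    return tuple(int(x) for x in m.groups()) if m else None


def status(version):
    """'vulnerable', 'fixed', or 'unlisted' (branch not covered by this finding)."""
    branch = version[:2]
    if branch not in FIXED:
        return "unlisted"
    return "vulnerable" if version < FIXED[branch] else "fixed"


def check_jar(path: str):
    """Classify one jar path; None if it is not a spring-core jar."""
    v = parse_version(path)
    if v is None:
        return None
    fixed = FIXED.get(v[:2])
    return {"path": path, "version": ".".join(map(str, v)), "status": status(v),
            "fixed": ".".join(map(str, fixed)) if fixed else None}


def scan(root: str):
    """Walk a directory tree and report every spring-core jar found."""
    return [r for p in Path(root).rglob("spring-core-*.jar") if (r := check_jar(str(p)))]


if __name__ == "__main__":
    # Constructed sample paths; the first is the path quoted in the finding.
    for p in [r"C:\Program Files\Commvault\ContentStore\MessageQueue\lib\optional\spring-core-5.3.39.jar",
              "lib/spring-core-6.1.4.jar", "lib/spring-core-6.1.13.jar", "lib/spring-core-5.2.25.jar"]:
        print(check_jar(p))
```

Run `scan(r"C:\Program Files\Commvault")` (or any install root) to list every spring-core jar on a host with its status; removing a flagged jar is not a remediation, since the service that loads it will fail to start, as the thread below reports.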


4 replies

Damian Andre
  • Vaulter
  • 1297 replies
  • Answer
  • March 28, 2025

Hey ​@Roderick Serbony,

Not sure what version you are on, but I see in an existing case that 11.36.46 or higher should ship with a newer spring core (6.1.4). There are several reported CVEs we've analyzed that do not impact our software (we're not using those specific features of the framework and therefore are not vulnerable).

I’ll try to see if I can get information on if a newer version is included in other releases outside of 11.36.



Hi Damian,

Thank you for your prompt response. We are running on version 11.32.89; we will check with support whether we can safely upgrade to that version.


Damian Andre
  • Vaulter

Our team has been looking into the vulnerabilities related to the Spring framework. The functions we use in that framework do not match any active CVEs (including this one). So while this one comes up on scanners, it's not possible to exploit as we don't use those parts of the framework.



@Damian Andre: we have deleted the files related to the reported vulnerability “spring-xxxxx.jar”, and after a server reboot the message queue “IntelliSnap for NetApp Messaging Queue” doesn't start.

But the backup is completing successfully. We are still monitoring the backup until we receive advice from CommVault support to proceed with the upgrade.

