Primary Storage

  • 1.  HyperScale Manager Server (5.5.3) Security Vulnerabilities

    Posted Mon August 23, 2021 01:44 PM
    Our security vulnerability alerted us that we have vulnerabilities on our Hyperscale Manager Server (5.5.3). We upgraded the HSM to the latest and greatest version, 5.5.3, and a rescan of the server shows vulnerabilities related to Java and Extended CLI.
    They still find the vulnerabilities related to Java and Extended XCLI. Note, the XCLI installed is also the latest available in Fix Central, dated 2017. Does IBM have another latest version of XCLI available somewhere? Let us know.

    The following vulnerable instance of Java is installed on the
    remote host :
    Path : /omaagent/agent_13.2.0.0.0/oracle_common/jdk
    Installed version : 1.7.0_111
    Fixed version : 1.6.0_141 / 1.7.0_131 / 1.8.0_121

    Path : /omaagent/agent_13.2.0.0.0/oracle_common/jdk
    Installed version : 1.7.0_111
    Fixed version : 1.6.0_141 / 1.7.0_131 / 1.8.0_121

    Path : /home/msms/IBM_Storage_Extended_CLI
    Installed version : 1.7.0_131
    Fixed version : 1.6.0_161 / 1.7.0_151 / 1.8.0_141
    Path : /omaagent/agent_13.2.0.0.0/oracle_common/jdk
    Installed version : 1.7.0_111
    Fixed version : 1.6.0_161 / 1.7.0_151 / 1.8.0_141

    Path : /omaagent/agent_13.2.0.0.0/oracle_common/jdk
    Installed version : 1.7.0_111
    Fixed version : 1.6.0_131 / 1.7.0_121 / 1.8.0_111

    Path : /home/msms/IBM_Storage_Extended_CLI
    Installed version : 1.7.0_131
    Fixed version : 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1
    Path : /omaagent/agent_13.2.0.0.0/oracle_common/jdk
    Installed version : 1.7.0_111
    Fixed version : 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1
    Path : /home/msms/hyperscale
    Installed version : 1.8.0_201
    Fixed version : 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1

    Path : /home/msms/IBM_Storage_Extended_CLI
    Installed version : 1.7.0_131
    Fixed version : 1.6.0_211 / 1.7.0_201 / 1.8.0_191 / 1.11.0_1
    Path : /omaagent/agent_13.2.0.0.0/oracle_common/jdk
    Installed version : 1.7.0_111
    Fixed version : 1.6.0_211 / 1.7.0_201 / 1.8.0_191 / 1.11.0_1

    Path : /home/msms/IBM_Storage_Extended_CLI
    Installed version : 1.7.0_131
    Fixed version : 1.6.0_201 / 1.7.0_191 / 1.8.0_181 / 1.10.0_2
    Path : /omaagent/agent_13.2.0.0.0/oracle_common/jdk
    Installed version : 1.7.0_111
    Fixed version : 1.6.0_201 / 1.7.0_191 / 1.8.0_181 / 1.10.0_2

    Path : /home/msms/IBM_Storage_Extended_CLI
    Installed version : 1.7.0_131
    Fixed version : 1.6.0_181 / 1.7.0_171 / 1.8.0_161 / 1.9.0_4
    Path : /omaagent/agent_13.2.0.0.0/oracle_common/jdk
    Installed version : 1.7.0_111
    Fixed version : 1.6.0_181 / 1.7.0_171 / 1.8.0_161 / 1.9.0_4

    So we request you to please help us remediate these vulnerabilities. How and for what purpose do they exist on our HSM server? Please help update them and send us the procedure and the software links to get them.

    ------------------------------
    Sudhir BISHT
    ------------------------------


  • 2.  RE: HyperScale Manager Server (5.5.3) Security Vulnerabilities

    Posted Thu August 26, 2021 01:50 AM
    Same issue, let me know if you find a solution that helped.
    Regards,
    Team Smokekitchen

    ------------------------------
    karen larson
    ------------------------------



  • 3.  RE: HyperScale Manager Server (5.5.3) Security Vulnerabilities

    Posted Thu August 26, 2021 10:12 AM
    Hi Karen,
    Currently there is no solution for these vulnerabilities, and these vulnerabilities should not be an issue as well. These components come bundled with HSM and can't be individually updated. These will be updated in the upcoming release of 5.5.4, but the target release date is not yet out. So, we have to wait for 5.5.4.
    The above is by IBM Support.

    Thank You.

    ------------------------------
    Sudhir BISHT
    ------------------------------



  • 4.  RE: HyperScale Manager Server (5.5.3) Security Vulnerabilities
    Best Answer

    Posted Tue November 22, 2022 01:08 PM
    Hi Karen.

    This has been resolved by doing this:
    1. Update HSM to Version 5.5.4.1 <= java version 1.8.0_281
    2. Update XCLI to Version 5.5.4.1 <= java version "15.0.2" 2021-01-19

    The above has resolved our 'Vulnerability' flags which we were getting earlier.

    Best

    ------------------------------
    Sudhir BISHT
    ------------------------------
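
Added example, not part of the original thread or of IBM's or the scanner's tooling: the scan output in post 1 repeats each path once per finding, so this sketch collapses the findings into one line per path, giving the highest "Fixed version" update within the installed Java branch. `SAMPLE` is constructed in the layout shown in the thread, the function names are illustrative, and only legacy `1.x.0_NN` version strings are handled.

```python
import re

# Constructed sample: three findings in the same layout as the scan output in the thread.
SAMPLE = """\
Path : /home/msms/IBM_Storage_Extended_CLI
Installed version : 1.7.0_131
Fixed version : 1.6.0_161 / 1.7.0_151 / 1.8.0_141
Path : /home/msms/IBM_Storage_Extended_CLI
Installed version : 1.7.0_131
Fixed version : 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1
Path : /home/msms/hyperscale
Installed version : 1.8.0_201
Fixed version : 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1
"""

LEGACY = re.compile(r"^1\.(\d+)\.0_(\d+)$")
KEYS = ("Path", "Installed version", "Fixed version")

def parse_version(text):
    """'1.8.0_201' -> (8, 201), i.e. (branch, update)."""
    m = LEGACY.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def parse_findings(report):
    """Yield (path, installed, [fixed, ...]) for each Path/Installed/Fixed triple."""
    fields = {}
    for line in report.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key not in KEYS:
            continue  # skip banner lines such as "remote host :"
        fields[key] = value
        if key == "Fixed version" and len(fields) == 3:
            yield (fields["Path"], parse_version(fields["Installed version"]),
                   [parse_version(v) for v in value.split("/")])
            fields = {}

def required_updates(report):
    """Map path -> (installed, highest fixed update in the installed branch or None)."""
    needed = {}
    for path, installed, fixed in parse_findings(report):
        branch_fixes = [upd for branch, upd in fixed if branch == installed[0]]
        previous = needed.get(path, (installed, None))[1]
        candidates = branch_fixes + ([previous] if previous is not None else [])
        needed[path] = (installed, max(candidates, default=None))
    return needed

def is_flagged(installed, required_update):
    """True while the installed update is below the highest fixed update for its branch."""
    return required_update is not None and installed[1] < required_update
```

A bundled runtime that moves to a different version scheme, such as the `15.0.2` reported for the updated XCLI, is outside what `parse_version` accepts and has to be compared separately.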