Multiple vulnerabilities reported for Veritas (Arctera) Operations Manager (VIOM) 8.0.2.520: CVE-2024-50379, CVE-2024-54677 and CVE-2024-56337
Problem
Multiple vulnerabilities are reported for Veritas (Arctera) Operations Manager (VIOM) 8.0.2.520: CVE-2024-50379, CVE-2024-54677 and CVE-2024-56337.
Error Message
No errors are seen, but security scanning software highlights vulnerabilities.
Cause
VIOM 8.0.2.520 uses Apache Tomcat version less than 9.0.97 which is vulnerable.
Solution
There are no plans to address this issue by way of a patch or hotfix in earlier versions of the software at the present time. However, the issue has been addressed in the revision of the product specified at the end of this article.
Please contact your Sales representative or the Sales group for upgrade information including upgrade eligibility to the release containing the resolution for this issue.
Although the CVE-2024-50379 and CVE-2024-54677 vulnerabilities are not present in the VIOM code, the VIOM-Patch-8.0.2.540 includes Tomcat 9.0.98 which is not exploitable by these vulnerabilities.
NOTE: Security Patches are released monthly, so once the Tomcat fix for CVE-2024-56337 has been released, its fix will be included in the next Security Patch.
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.