Spring Framework Vulnerability Hotfix for NetBackup Flex Appliance

Translation Notice

Please note that this content includes text that has been machine-translated from English. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.

Spring Framework Vulnerability Hotfix for NetBackup Flex Appliance

HotFix Critical

Update ID: UPD108121

Version: 2.0.2/2 .1

Platform: Appliance

Release date: 2022-04-22

Abstract

Spring Framework Vulnerability Hotfixes for NetBackup Flex Appliance versions 2.0.2 and 2.1

Description

The hotfix fixes a zero-day vulnerability (CVE-2022-22965) in the open-source Java framework, Spring, that could allow an attacker to execute arbitrary code on a remote web server. You must first upgrade to 2.0.2 or 2.1 before applying the hotfix.

The Flex 2.1 hotfix also includes:

Fix for HBA QLE2692 false alert that the temperature is high (V-475-105-1005)
Previously released fix for Log4j and Polkit vulnerabilities (VE-2021-44228, CVE-2021-45046 and CVE-2021-4034)
Previously released fix for enabling Isolated Recovery Environment (IRE) Air Gap Solution

The Flex 2.0.2 hotfix also includes:

Previously released fix for Log4j and Polkit vulnerabilities (VE-2021-44228, CVE-2021-45046 and CVE-2021-4034)

Applies to the following product releases

Flex Appliance OS 2.0.1

Release date: 2021-06-11

End of support life: 2023-11-04

Flex Appliance OS 2.1

Release date: 2021-12-06

End of support life: 2024-12-06

Update files

	File name	Description	Version	Platform	Size

Choose an account to download the files you selected.