Spring Framework Vulnerability Hotfix for NetBackup Flex Scale Appliance

Translation Notice

Please note that this content includes text that has been machine-translated from English. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.

Spring Framework Vulnerability Hotfix for NetBackup Flex Scale Appliance

HotFix Critical

Update ID: UPD120893

Version: 2.1/3.0

Platform: Appliance

Release date: 2022-04-22

Abstract

Spring Framework Vulnerability Hotfix for NetBackup Flex Scale Appliance 2.1/3.0

Description

The hotfix fixes a zero-day vulnerability (CVE-2022-22965) in the open-source Java framework, Spring, that could allow an attacker to execute arbitrary code on a remote web server.

After installing the 3.0 hotfix, already configured CallHome functionality may stop working. Please follow the steps below to resolve the issue in 3.0.

SSH to any node in the cluster and log in by administration user
Run following command to get root shell access

support elevate

Run following command to stop ASC global API service

/opt/VRTS/bin/hagrp -offline GLOBAL_API_SERVER -any

Run following command to make sure that the service is OFFLINE on ALL nodes

hagrp -state GLOBAL_API_SERVER

Run following command to start the service again

/opt/VRTS/bin/hagrp -online GLOBAL_API_SERVER -any

Applies to the following product releases

NetBackup Flex Scale 3.0 HPE

Release date: 2022-03-28

End of support life: 2025-03-28

NetBackup Flex Scale 2.1 HPE

Release date: 2021-11-15

End of support life: 2024-03-31

Update files

	File name	Description	Version	Platform	Size

Choose an account to download the files you selected.