Spring Framework Vulnerability Hotfix for NetBackup Appliances

Translation Notice

Please note that this content includes text that has been machine-translated from English. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.

Spring Framework Vulnerability Hotfix for NetBackup Appliances

HotFix Critical

Update ID: UPD635959

Version: 4.0.0.1 MR3/4.1.0.1 MR2

Platform: Appliance

Release date: 2022-04-22

Abstract

Spring Framework Vulnerability Hotfixes for NetBackup Appliance/NetBackup Virtual Appliance versions 4.0.0.1 MR3 and 4.1.0.1 MR2

Description

The hotfix fixes a zero-day vulnerability (CVE-2022-22965) in the open-source Java framework, Spring, that could allow an attacker to execute arbitrary code on a remote web server. You must first upgrade to 4.0.0.1 MR3 or 4.1.0.1 MR2 before applying the hotfix.

Applies to the following product releases

NetBackup Appliance OS 4.1

Release date: 2021-07-19

End of support life: 2024-06-07

NetBackup Appliance OS 4.0

Release date: 2021-03-01

End of support life: 2024-01-01

NetBackup Virtual Appliance 4.0

Release date: 2021-03-01

End of standard support: 2024-01-01

End of support life: 2025-03-31

NetBackup Virtual Appliance 4.1

Release date: 2021-07-19

End of standard support: 2024-06-07

End of support life: 2025-03-31

Update files

	File name	Description	Version	Platform	Size

Choose an account to download the files you selected.