Veritas (Arctera) Operations Manager (VIOM) 8.0.2 and CVE-2024-0985 and CVE-2024-4317 Postgres vulnerabilities
Article ID: 100073740
Updated On:
Description
Error Message
No error seen
Cause
VIOM versions from 8.0.2 to 8.0.2.540 use Postgres v14.10.
Resolution
The Product Engineering team currently plans to address this issue through a patch or hotfix in the current software version. Please note that our company reserves the right to withdraw any fix from the targeted release if it fails quality assurance tests. Development plans are subject to change, and any actions you take based on this information, or your reliance on it, are at your own risk.
CVE-2024-0985 – The Product Engineering team has evaluated that VIOM versions 8.0.2.x is not exploitable by this vulnerability.
CVE-2024-4317 - Postgres has released remediation steps to mitigate CVE-2024-4317 and a VIOM 8.0.2 hotfix to address this vulnerability is now available from the Download Center.
Veritas(Arctera) InfoScale Operations Manager PostgreSQL CVE-2024-4317 Vulnerability Fix
It should be noted that even after the mitigation steps have been implemented, the Security Scanner (eg Nessus) may still report the vulnerability as its findings are based on the Postgres version.
Issue/Introduction
Veritas (Arctera) Operations Manager (VIOM) 8.0.2 and CVE-2024-0985 and CVE-2024-4317 Postgres vulnerabilities
Additional Information
JIRA: STESC-9417
