There was no explicit error message generated by the system. However, a third-party security scanner detected the vulnerability and flagged it for further investigation.
The root cause was traced to the libcurl version bundled in the VRTSfsadv package. The version in use was 7.59, which has known security vulnerabilities that could potentially be exploited.
A hotfix is now available for this issue in the current version(s) of the product(s) mentioned. Refer to the Hotfix link under Related Articles to obtain the hotfix needed to resolve the issue.
To address the vulnerability, the VRTSfsadv package has been updated to include libcurl version 8.12, which resolves the security concern.
Patches to address this issue can be found here:
RHEL 8:
RHEL 9:
SLES 15:
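To confirm after patching that no file shipped by VRTSfsadv still embeds a libcurl older than 8.12, the check below can be run on the host. It is an added example, not vendor-supplied code. Assumptions: the libcurl binary carries the usual `libcurl/X.Y.Z` version banner, the fixed release is written as 8.12.0, and the script name is hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): find the libcurl release embedded in package files.
FIXED="8.12.0"  # article says 8.12; the ".0" patch level is an assumption

# Print the first "libcurl/X.Y.Z" banner found in a file (empty output if none).
embedded_libcurl_version() {
    grep -a -o -E 'libcurl/[0-9]+\.[0-9]+\.[0-9]+' "$1" 2>/dev/null |
        head -n 1 | cut -d/ -f2
}

# Return 0 when dotted version $1 is older than $2. Fields are compared as
# numbers, because a string comparison would rank 8.9 above 8.12.
version_lt() {
    for n in 1 2 3; do
        a=$(printf '%s.0.0' "$1" | cut -d. -f"$n")
        b=$(printf '%s.0.0' "$2" | cut -d. -f"$n")
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
    done
    return 1
}

# Print "<status> <version> <path>"; status is OUTDATED, OK or NONE.
classify_file() {
    v=$(embedded_libcurl_version "$1")
    if [ -z "$v" ]; then
        echo "NONE - $1"
    elif version_lt "$v" "$FIXED"; then
        echo "OUTDATED $v $1"
    else
        echo "OK $v $1"
    fi
}

# Report every regular file owned by an installed RPM that carries a banner.
check_package() {
    rpm -q "$1" || return 2
    rpm -ql "$1" | while IFS= read -r f; do
        [ -f "$f" ] || continue
        r=$(classify_file "$f")
        case $r in NONE*) ;; *) echo "$r" ;; esac
    done
}

# Usage: sh check_libcurl.sh VRTSfsadv
if [ $# -gt 0 ]; then check_package "$1"; fi
```

Any OUTDATED line after the hotfix means a stale copy of the library is still on disk and the package update should be rechecked.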
The 8.0.2 VRTSfsadv package was flagged for a libcurl vulnerability (CVE-2024-7264). This issue was identified by a third-party security scanner, which raised concerns about the security of the package due to the outdated version of libcurl being used.
SW Download: UPD182831
SW Download: UPD641575
SW Download: UPD542098