topic Re: FAS & V-Series VASA Provider - Windows console versions re Java vulnerabilities in ONTAP Hardware

FAS & V-Series VASA Provider - Windows console versions re Java vulnerabilities

divadiow — Wed, 04 Jun 2025 11:13:41 GMT

We've an ageing setup that is in dire need of some TLC. Our PEN test recently highlighted the SWEET32 and POODLE vulnerabilites the v6 U45 of Java used by DFM at C:\Program Files\NetApp\DataFabric Manager\DFM\java\bin\java.exe

I cannot find any upgrades for the modules we have installed as seen in the pic I've attached. We're running NetApp Release 8.2.4P6 7-Mode FAS8020.

Any thoughts? We've no plans to upgrade firmwares or change operating mode before we decom in a years time.

many thanks

Re: FAS & V-Series VASA Provider - Windows console versions re Java vulnerabilities

Ontapforrum — Thu, 09 Apr 2020 10:10:13 GMT

Hi,

I see there are updated modules for your Data ontap version, is that what you are looking for?

occore-5.2.1 came with Java Runtime Environment (JRE) 6.0 update 45, which I believe is the vulnerability you mentioned.

OCUM-7mode:
https://mysupport.netapp.com/NOW/download/software/occore_win/5.2.4/

The following upgrades have been performed in 5.2.4 to fix security vulnerabilities in the Core Package:
Apache® HTTP server 2.4.37
Java Runtime Environment (JRE) 8.0 update 181
Jetty 9.4.12

NetApp Management console will be within the OnCommand console, so should be newer version bundled with 5.2.4.

VASA:
https://mysupport.netapp.com/NOW/download/software/vasa_win/1.0.1/

For any other component compatibility, use the matrix site, just in case you want to be 100% sure:

http://support.netapp.com/matrix

Thanks!

Re: FAS & V-Series VASA Provider - Windows console versions re Java vulnerabilities

divadiow — Thu, 16 Apr 2020 15:13:04 GMT

ooh lush thanks