Re: FAS & V-Series VASA Provider - Windows console versions re Java vulnerabilities

divadiow · ‎2020-04-08

Hi

We've an ageing setup that is in dire need of some TLC. Our PEN test recently highlighted the SWEET32 and POODLE vulnerabilites the v6 U45 of Java used by DFM at C:\Program Files\NetApp\DataFabric Manager\DFM\java\bin\java.exe

I cannot find any upgrades for the modules we have installed as seen in the pic I've attached. We're running NetApp Release 8.2.4P6 7-Mode FAS8020.

Any thoughts? We've no plans to upgrade firmwares or change operating mode before we decom in a years time.

many thanks

Ontapforrum · ‎2020-04-09

Hi,

I see there are updated modules for your Data ontap version, is that what you are looking for?

occore-5.2.1 came with Java Runtime Environment (JRE) 6.0 update 45, which I believe is the vulnerability you mentioned.

OCUM-7mode:
https://mysupport.netapp.com/NOW/download/software/occore_win/5.2.4/

The following upgrades have been performed in 5.2.4 to fix security vulnerabilities in the Core Package:
Apache® HTTP server 2.4.37
Java Runtime Environment (JRE) 8.0 update 181
Jetty 9.4.12

NetApp Management console will be within the OnCommand console, so should be newer version bundled with 5.2.4.

VASA:
https://mysupport.netapp.com/NOW/download/software/vasa_win/1.0.1/

For any other component compatibility, use the matrix site, just in case you want to be 100% sure:

http://support.netapp.com/matrix

Thanks!

divadiow · ‎2020-04-16

ooh lush thanks

FAS & V-Series VASA Provider - Windows console versions re Java vulnerabilities

Portfolio Updates | NetApp ONAIR