ONTAP Hardware

FAS & V-Series VASA Provider - Windows console versions re Java vulnerabilities

divadiow
2,699 Views

Hi

 

We've an ageing setup that is in dire need of some TLC. Our PEN test recently highlighted the SWEET32 and POODLE vulnerabilites the v6 U45 of Java used by DFM at C:\Program Files\NetApp\DataFabric Manager\DFM\java\bin\java.exe

 

I cannot find any upgrades for the modules we have installed as seen in the pic I've attached. We're running NetApp Release 8.2.4P6 7-Mode FAS8020.

 

Any thoughts? We've no plans to upgrade firmwares or change operating mode before we decom in a years time.

 

many thanks

2 REPLIES 2

Ontapforrum
2,676 Views

Hi,

 

I see there are updated modules for your Data ontap version, is that what you are looking for?

 

occore-5.2.1 came with Java Runtime Environment (JRE) 6.0 update 45, which I believe is the vulnerability you mentioned.

 

OCUM-7mode:
https://mysupport.netapp.com/NOW/download/software/occore_win/5.2.4/

 

The following upgrades have been performed in 5.2.4 to fix security vulnerabilities in the Core Package:
Apache® HTTP server 2.4.37
Java Runtime Environment (JRE) 8.0 update 181
Jetty 9.4.12

NetApp Management console will be within the OnCommand console, so should be newer version bundled with 5.2.4.

 

VASA:
https://mysupport.netapp.com/NOW/download/software/vasa_win/1.0.1/

 

For any other component compatibility, use the matrix site, just in case you want to be 100% sure:

http://support.netapp.com/matrix

 

Thanks!

divadiow
2,613 Views

ooh lush thanks

Public