ONTAP Hardware

FAS & V-Series VASA Provider - Windows console versions re Java vulnerabilities

divadiow

Hi

 

We've an ageing setup that is in dire need of some TLC. Our PEN test recently highlighted the SWEET32 and POODLE vulnerabilites the v6 U45 of Java used by DFM at C:\Program Files\NetApp\DataFabric Manager\DFM\java\bin\java.exe

 

I cannot find any upgrades for the modules we have installed as seen in the pic I've attached. We're running NetApp Release 8.2.4P6 7-Mode FAS8020.

 

Any thoughts? We've no plans to upgrade firmwares or change operating mode before we decom in a years time.

 

many thanks

2 REPLIES 2

Ontapforrum

Hi,

 

I see there are updated modules for your Data ontap version, is that what you are looking for?

 

occore-5.2.1 came with Java Runtime Environment (JRE) 6.0 update 45, which I believe is the vulnerability you mentioned.

 

OCUM-7mode:
https://mysupport.netapp.com/NOW/download/software/occore_win/5.2.4/

 

The following upgrades have been performed in 5.2.4 to fix security vulnerabilities in the Core Package:
Apache® HTTP server 2.4.37
Java Runtime Environment (JRE) 8.0 update 181
Jetty 9.4.12

NetApp Management console will be within the OnCommand console, so should be newer version bundled with 5.2.4.

 

VASA:
https://mysupport.netapp.com/NOW/download/software/vasa_win/1.0.1/

 

For any other component compatibility, use the matrix site, just in case you want to be 100% sure:

http://support.netapp.com/matrix

 

Thanks!

divadiow

ooh lush thanks

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public