Important Announcement: Protecting our Community from Spam Events
Dear Members, we apologize for any disruption or inconvenience caused by the recent spam incidents, and we want to assure you that our dedicated team is actively investigating each reported instance of spam and implementing robust measures to mitigate the impact. Learn more on Spams Mitigation Guidelines
Thank you,
Schneider Electric Community Team
EcoStruxure IT forum
Schneider Electric support forum about installation, configuration for Data Center Operation, Data Center Expert, EcoStruxure IT, NetBotz, DCIM, IT Advisor.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-05 08:48 PM
This question was originally posted on DCIM Support by Cees de Vogel on 2019-07-18
Hi team,
Customer had the following question:
This vulnerability was identified because (1) jQuery 1.11.1 has reached its end-of-life and is no longer supported by the vendor, consider upgrading to a newer supported version
OpenSSH: Brute-Force Authentication Protection Bypass Vulnerability
OpenSSH: Untrusted Search Path Vulnerability
OpenSSH: Shared Memory Manager Privilege Escalation Vulnerability
OpenSSH: Password Length Limitation Denial of Service Vulnerability
OpenSSH: Security Bypass Vulnerability
The above is solved in OpenSSH version 7.9p1 or higher,
What version do we have in DCE 7.7
(CID:147196454)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-05 08:49 PM
This answer was originally posted on DCIM Support by Jackie Lehr on 2019-07-22
Hi Cees de Vogel,
Security scan results are listed here: https://sxwhelpcenter.ecostruxureit.com/display/UADCE725/Security+fixes+in+StruxureWare+Data+Center+...
CVE-2015-5600 and CVE-2016-1908 are included, the others are not. Engineering will have to search prior scan results to give you a definite answer.
Best,
Jackie
(CID:147197147)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-05 08:49 PM
This answer was originally posted on DCIM Support by Steven Marchetti on 2019-07-18
Hi Cees,
When I queried sshd in DCE 7.7.0, it returned:
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Can you please provide a link to a web site or CVE showing the reported vulnerability to which you are referring?
Thanks,
Steve
(CID:147196560)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-05 08:49 PM
This comment was originally posted on DCIM Support by Cees de Vogel on 2019-07-22
Hi Steve,
Here the requested CVE information:
OpenSSH: Brute-Force Authentication Protection Bypass Vulnerability
CVE-2015-5600
OpenSSH: Untrusted Search Path Vulnerability
CVE-2016-10009
OpenSSH: Shared Memory Manager Privilege Escalation Vulnerability
CVE-2016-10012
OpenSSH: Password Length Limitation Denial of Service Vulnerability
CVE-2016-6515
OpenSSH: Security Bypass Vulnerability
CVE-2016-1908
BR
Cees
(CID:147196997)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-05 08:49 PM
This comment was originally posted on DCIM Support by Steven Marchetti on 2019-07-22
Thanks...I'll see if I can find anything from the engineering teams.
Steve
(CID:147197142)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-05 08:49 PM
This comment was originally posted on DCIM Support by Cees de Vogel on 2019-07-22
Hi Steve,
Thanks for your response, check also answer Jackie,
BR
Cees
(CID:147197160)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-05 08:49 PM
This answer was originally posted on DCIM Support by Jackie Lehr on 2019-07-22
Hi Cees de Vogel,
Security scan results are listed here: https://sxwhelpcenter.ecostruxureit.com/display/UADCE725/Security+fixes+in+StruxureWare+Data+Center+...
CVE-2015-5600 and CVE-2016-1908 are included, the others are not. Engineering will have to search prior scan results to give you a definite answer.
Best,
Jackie
(CID:147197147)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-05 08:49 PM
This comment was originally posted on DCIM Support by Cees de Vogel on 2019-07-22
Hi Jackie,
Thanks a lot
BR Cees
(CID:147197159)
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-07-05 08:49 PM
This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.
Link copied. Please paste this link to share this article on your social media post.
Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.