Have a security vulnerability raised on UIM related to MSXML 4.0 installed on Windows with Infrastructure Manager.
Following are the remarks from security tool:
**EOL/Obsolete Software: Microsoft XML Parser and Microsoft XML Core Services (MSXML) 4.0 Detected **"Microsoft XML Core Services (MSXML), formerly known as the Microsoft XML Parser, can be used to build XML-based applications that follow the World Wide Web Consortium (W3C) XML standards.
MSXML is a Component Object Model (COM) implementation of the W3C DOM model.
**Microsoft ended support for Microsoft XML Parser and Microsoft XML Core Services (MSXML) 4.0 on April 12, 2014 and provides no further support."
Since the vendor no longer providers software updates, this version is most susceptible to security vulnerabilities. Depending on the vulnerability being exploited, an unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the targeted system.
UIM 20.x, 9.X and earlier
Infrastructure manager 4.X and earlier
The IM client installs a SOAP-runtime-TK3 package which lays down the msxml4.dll and this is required for parsing the Nimsoft Archive listing of probes.
If this is removed the IM client will be unable to access the web Archive. You can use Admin Console or download directly from support.nimsoft.com instead.
As of the release of UIM 23.4 it is upgraded to MSXML 6.0.
MSXML Parser 4.0 is being used earlier than 20.4CU8 and it is upgraded to MSXML 6.0 version in UIM 23.4 release.