search cancel

The Security team has flagged the version of Python running on the data repository servers as vulnerable

book

Article ID: 215645

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

The Security team has flagged the version of Python running on the data repository servers as vulnerable:

………………..

SCAN RESULTS

Plugin Output:

The following Python installation is unsupported :

Path : /

Port : 5444

Installed version : 2.7.10

Latest version : 3.8

Support dates : 2020-01-01 (end of life)

……………………

Is Python required for Data Repository functionality?

If so, can we update the Python version without impacting DR operations or does the DR require this specific version?

Cause

If you run

which python

You will see that this is the system python:

CAPM installs our own private version of python, and it is not in the path:

/opt/vertica/oss

This is the only python we use.

The private python we use will not be seen by security scans as it is not in the path.

You may not update or modify the private python install.

Environment

Release : 20.2+

Component : IM Data Storage

Resolution

You can remove or update the system python as you see fit, CAPM does not use it.

Attachments