Does Spectrum use /usr/bin/pkexec utility?
The customer security team would like to patch the O.S where Spectrum servers are hosted due a recently discovered security vulnerability. The fix includes removing the SUID bit from the affected executable.
The link to vulnerability is: https://nvd.nist.gov/vuln/detail/CVE-2021-4034
Our question is, would such a change have any impact on Spectrum?
Release : 20.x, 21.x
Component : Spectrum Core / SpectroSERVER
Spectrum does not use /usr/bin/pkexec utility, hence it's not exposed to this vulnerability.