search cancel

CA Vantage Windows client Log4j fix require for CVE-2010-3599

book

Article ID: 239282

calendar_today

Updated On:

Products

Vantage Storage Resource Manager

Issue/Introduction

Running 12.7.871.5 Windows client for CA vantage and get the following alert:

  • CVE-2010-3599

Details:Tenable APAC DRN Server: Class Identifier : {4932CEF4-2CAA-11D2-A165-0060081C43D9} Filename : C:\\windows\\SysWow64\\Actbar2.ocx Installed version : 2.5.0.32 Moreover, its kill bit is not set so it is accessible via Internet Explorer.

 

 

Environment

Release : 14.0

Component : Vantage Storage Resource Manager

Resolution

 
 
 
All mentioned security vulnerabilities are related to Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 and it's exploitable in combination with emsmtp.dll, empop3.dll and NCSEcw.dll


To exploit these vulnerabilities, Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 must be installed on the system.
 
Windows Client does not use or deliver any of these files.