MySQL in DX NetOps Spectrum 23.3.x is being flagged by vulnerability scans in our network on OneClick and SpectroSERVERs.
Broadcom is aware of the Oracle Critical Patch Update Advisory published in January 2024. At the DX NetOps product level, we are adopting the recommended MySQL version 8.0.36 for all components in version 23.3.9, except DX NetOps Spectrum.
The version of OpenSSL shipped with MySQL 8.0.34+ is not compatible with the version of OpenSSL that is shipped with DX NetOps Spectrum. The OpenSSL library in DX NetOps Spectrum is included within a third-party vendor's software. Broadcom is actively working with this vendor to obtain an update to their software with a compatible version of OpenSSL.
Broadcom remains committed to resolving these vulnerabilities at the earliest opportunity in future releases of Spectrum. The release timeframe is unknown due to external dependencies.
To minimize the risk, please ensure that your network and monitoring systems are secured by enforcing strict minimal access privileges, as well as firewall protections.
Broadcom will announce through standard software channels when this release is available and will post updates regarding these fixes in the release notes.
Any questions or concerns regarding these vulnerabilities should be directed to the NetOps Support team or your account team.