Python version vulnerabilities exposed in vSphere Replication 8.3.1.2
Article ID: 313976
Updated On:
Products
VMware Live Recovery
VMware vSphere ESXi
Issue/Introduction
Symptoms:
Scanning tool exposed high vulnerabilities on vSphere Replication appliance 8.3.1.2 with the following python versions
Python 2.7.8 python231 3992718 CVE-2020-8492
Python 3.3.6 python231 4487898 CVE-2016-5636
Python 3.3.6 python231 4487898 CVE-2018-1000117
Python 3.3.6 python231 4487898 CVE-2019-13404
Python 3.3.6 python231 4487898 CVE-2020-27619
Python 3.4.5 python231 6406850 CVE-2018-1000117
Python 3.4.5 python231 6406850 CVE-2019-13404
Python 3.4.5 python231 6406850 CVE-2020-27619
Scanning tool exposed high vulnerabilities on vSphere Replication appliance 8.3.1.2 with the following python versions
Python 2.7.8 python231 3992718 CVE-2020-8492
Python 3.3.6 python231 4487898 CVE-2016-5636
Python 3.3.6 python231 4487898 CVE-2018-1000117
Python 3.3.6 python231 4487898 CVE-2019-13404
Python 3.3.6 python231 4487898 CVE-2020-27619
Python 3.4.5 python231 6406850 CVE-2018-1000117
Python 3.4.5 python231 6406850 CVE-2019-13404
Python 3.4.5 python231 6406850 CVE-2020-27619
Environment
VMware vSphere Replication 8.x
Resolution
vSphere Replication 8.4 has the fix for vulnerabilities exposed and impacting VR 8.3.1.2.
After deploying HMS appliance, you can verify the installed package by:
-------------------------------------------------------------------
CVE-2020-8492 fixed 2.7.17-4.ph3
CVE-2016-5636 fixed 2.7.12
CVE-2018-1000117 notAffected
CVE-2019-13404 notAffected This CVE is for windows and does not affect linux. Also this is in disputed state. Hence, marking this as not a bug.
CVE-2020-27619 fixed 3.7.5-8.ph3
CVE-2018-1000117 notAffected
CVE-2019-13404 notAffected This CVE is for windows and does not affect linux. Also this is in a disputed state. Hence, marking this as not a bug.
CVE-2020-27619 fixed 3.7.5-8.ph3
After deploying HMS appliance, you can verify the installed package by:
# rpm -qaCVE fixed? Resolved Version
-------------------------------------------------------------------
CVE-2020-8492 fixed 2.7.17-4.ph3
CVE-2016-5636 fixed 2.7.12
CVE-2018-1000117 notAffected
CVE-2019-13404 notAffected This CVE is for windows and does not affect linux. Also this is in disputed state. Hence, marking this as not a bug.
CVE-2020-27619 fixed 3.7.5-8.ph3
CVE-2018-1000117 notAffected
CVE-2019-13404 notAffected This CVE is for windows and does not affect linux. Also this is in a disputed state. Hence, marking this as not a bug.
CVE-2020-27619 fixed 3.7.5-8.ph3
Feedback
Yes
No
Powered by
