Python version vulnerabilities exposed in vSphere Replication 8.3.1.2

Article ID: 313976

Updated On:

Products

VMware Live Recovery
VMware vSphere ESXi

Issue/Introduction

Symptoms:
A scanning tool reported high-severity vulnerabilities on the vSphere Replication appliance 8.3.1.2 for the following Python versions:

Python 2.7.8 python231 3992718 CVE-2020-8492
Python 3.3.6 python231 4487898 CVE-2016-5636
Python 3.3.6 python231 4487898 CVE-2018-1000117
Python 3.3.6 python231 4487898 CVE-2019-13404
Python 3.3.6 python231 4487898 CVE-2020-27619
Python 3.4.5 python231 6406850 CVE-2018-1000117
Python 3.4.5 python231 6406850 CVE-2019-13404
Python 3.4.5 python231 6406850 CVE-2020-27619


Environment

VMware vSphere Replication 8.x

Resolution

vSphere Replication 8.4 contains the fixes for the vulnerabilities reported against vSphere Replication (VR) 8.3.1.2.

After deploying the HMS appliance, you can verify the installed packages by running:
 
# rpm -qa

CVE                fixed?        Resolved Version   Notes
--------------------------------------------------------------------------------
CVE-2020-8492      fixed         2.7.17-4.ph3
CVE-2016-5636      fixed         2.7.12
CVE-2018-1000117   notAffected
CVE-2019-13404     notAffected                      This CVE is for Windows and does not affect Linux. Also, this is in a disputed state. Hence, marking this as not a bug.
CVE-2020-27619     fixed         3.7.5-8.ph3
CVE-2018-1000117   notAffected
CVE-2019-13404     notAffected                      This CVE is for Windows and does not affect Linux. Also, this is in a disputed state. Hence, marking this as not a bug.
CVE-2020-27619     fixed         3.7.5-8.ph3
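
One way to check `rpm -qa` output against the Resolved Version column above, as an added example that is not part of the original article. It assumes the interpreters are packaged as `python2` and `python3` (Photon OS naming, not stated in the article) and that GNU `sort -V` is available; the sample package list is constructed.

```bash
#!/bin/bash
# Added example, not from the KB article. Assumption: the interpreters are
# packaged as "python2" / "python3" (Photon OS naming, not stated on the page).

# Minimum fixed version-release per package, from the Resolved Version column.
min_fixed() {
  case "$1" in
    python2) echo "2.7.17-4.ph3" ;;
    python3) echo "3.7.5-8.ph3" ;;
    *) return 1 ;;
  esac
}

# ver_ge A B: true when A >= B. Uses GNU `sort -V`, an approximation of RPM's
# own version comparison that is adequate for these dotted version strings.
ver_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Reads `rpm -qa` lines on stdin and prints one verdict per interpreter package.
# Returns 0 if all are at/above the fixed version, 1 if any is older,
# 2 if no python2/python3 package was listed.
check_python_rpms() {
  seen=0; rc=0
  while IFS= read -r line; do
    case "$line" in
      python2-[0-9]*|python3-[0-9]*) ;;   # skip python3-libs, python3-pip, ...
      *) continue ;;
    esac
    name=${line%%-*}                      # "python3"
    vr=${line#*-}; vr=${vr%.*}            # "3.7.5-8.ph3" (arch suffix removed)
    min=$(min_fixed "$name")
    seen=1
    if ver_ge "$vr" "$min"; then
      echo "OK    $name $vr (>= $min)"
    else
      echo "OLDER $name $vr (< $min)"; rc=1
    fi
  done
  [ "$seen" -eq 1 ] || return 2
  return "$rc"
}

# Constructed sample of `rpm -qa` output; on the appliance run:
#   rpm -qa | check_python_rpms
SAMPLE_RPM_QA='python2-2.7.8-1.ph3.x86_64
python3-3.7.5-8.ph3.x86_64
python3-libs-3.7.5-8.ph3.x86_64'
printf '%s\n' "$SAMPLE_RPM_QA" | check_python_rpms || true
```

A python2 package at or above 2.7.17-4.ph3 also covers CVE-2016-5636, whose resolved version in the table is the lower 2.7.12.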