RabbitMQ reported vulnerable to CVE-2019-11291, CVE-2019-11281 and CVE-2019-11287
search cancel

RabbitMQ reported vulnerable to CVE-2019-11291, CVE-2019-11281 and CVE-2019-11287

book

Article ID: 315833

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

SAM-10.1.9.0 Pivotal RabbitMQ security issue

Smarts 10.1.9.0 deploys Pivotal RabbitMQ, The installed version is 3.7.3. Your company uses the TENABLE product. It is reporting 3 distinct problems

  • TEN-#####9 says the fixed version is 3.7.18
  • TEN-#####8 says the fixed version is 3.7.20
  • TEN-#####2 says the fixed version is 3.7.21
  • TEN-#####8 -- CVE-2019-11291
  • TEN-#####9 -- CVE-2019-11281
  • TEN-#####2 -- CVE-2019-11287

Environment

VMware Smart Assurance - SMARTS (SAM)

Resolution

Currently, the Smarts RabbitMQ is an edited version specifically for the Smarts RabbitMQ / EDAA and Elasticsearch functions of Smarts for use with Watch4net.
VMware will update the RabbitMQ in a future version.  
You will not be able to upgrade RabbitMQ within Smarts SAM installations.