The following CVEs:
have been reported by Nessus scanner as affecting Aria operations and Aria Operations for logs.
Aria operations 8.12 and later
Aria operations for logs 812 and Later
To verify the version of Photon OS on your appliance run command:
cat /etc/photon-release/
To verify the version of openssh on your appliance run command:
rpm -qa | grep openssh
CVE-2023-48795:
For Photon OS 4 and below the CVE is not fixed due to complexity of backporting the patch to lower version. Will be fixed when Aria Operations moves to Photon OS 5 in later releases
For Photon OS 5 above CVE is resolved on version 9.3p2-7.ph5
CVE-2023-51384:
For Photon OS 3, above CVE is not fixed
For Photon OS 4, above CVE is resolved on version 8.9p1-6.ph4
For Photon OS 5, above CVE is resolved on version 9.3p2-7.ph5
CVE-2023-51385
For Photon OS 3, above CVE is resolved on version 7.8p1-18.ph3
For Photon OS 4, above CVE is resolved on version 8.9p1-5.ph4
For Photon OS 5, above CVE is resolved on version 9.3p2-5.ph5
CVE-2023-25831
For Photon OS 4, above CVE is resolved on version 8.9p1-1
For Photon OS 5, above CVE is resolved on version 9.1p1-8