DX UIM CVE-2024-22262, CVE-2024-22243 information



Article ID: 372494


Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Is DX UIM vulnerable to CVE-2024-22262 and CVE-2024-22243?

Environment

DX UIM 20.4.x, 23.4 < CU2

Resolution

UIM is vulnerable to those CVEs. 

The vulnerabilities mentioned above have been resolved in 23.4 CU2, where the Spring Framework is upgraded to the latest 5.3.37 version.

UIM Server 23.4 - Cumulative Update 2
Operator Console 23.4 - Cumulative Update 2
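
To confirm that an installation actually carries the upgraded libraries after applying CU2, the following added example (not Broadcom's code and not part of the original article) scans a directory for Spring Framework jars, on disk and one level inside .jar/.war/.ear archives, whose file-name version is below 5.3.37. The directory argument, the module list and the reliance on standard jar file names are assumptions.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (5, 3, 37)  # Spring Framework version the article gives for 23.4 CU2
# Spring Framework modules only, so spring-boot or spring-security jars
# (which use other version lines) are not compared against 5.3.37.
MODULES = {"spring-aop", "spring-beans", "spring-context", "spring-core",
           "spring-expression", "spring-jcl", "spring-jdbc", "spring-tx",
           "spring-web", "spring-webflux", "spring-webmvc", "spring-websocket"}
# Assumption: jars keep the standard <module>-<x.y.z>[.suffix].jar file name.
JAR_RE = re.compile(
    r"^(spring-[a-z]+(?:-[a-z]+)*)-(\d+)\.(\d+)\.(\d+)(?:[.-][\w.-]+)?\.jar$")
ARCHIVES = {".jar", ".war", ".ear"}


def parse(name):
    """Return (module, (x, y, z)) for a Spring Framework jar name, else None."""
    m = JAR_RE.match(name.rsplit("/", 1)[-1])
    if not m or m.group(1) not in MODULES:
        return None
    return m.group(1), tuple(int(g) for g in m.group(2, 3, 4))


def scan(root):
    """Yield (location, module, version) for jars on disk and inside archives."""
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in ARCHIVES:
            continue
        hit = parse(path.name)
        if hit:
            yield (str(path), *hit)
            continue
        try:
            with zipfile.ZipFile(path) as zf:  # bundled libs, e.g. WEB-INF/lib
                for entry in zf.namelist():
                    hit = parse(entry)
                    if hit:
                        yield (f"{path}!{entry}", *hit)
        except (zipfile.BadZipFile, OSError):
            continue  # unreadable or not really an archive


def outdated(root):
    """Spring Framework jars under root that are older than FIXED."""
    return sorted(h for h in scan(root) if h[2] < FIXED)


if __name__ == "__main__" and len(sys.argv) > 1:
    for loc, mod, ver in outdated(sys.argv[1]):  # argv[1]: UIM install directory
        print(f"{mod} {'.'.join(map(str, ver))} is older than 5.3.37: {loc}")
```

An empty result means no Spring Framework jar with a file-name version below 5.3.37 was found under that directory; jars that were renamed or nested more than one archive deep are not inspected.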

Additional Information

Engineering will not be addressing this in 20.4 as the exploitability score is low. Engineering will only be resolving day one exploits on 20.4.

As of 29 Aug 2024, 23.4 will be the focus for resolving vulnerabilities until it is superseded by the next full release of UIM.