Addressing Vulnerabilities related to Openjdk in VMware SRM / Live Recovery Manager
search cancel

Addressing Vulnerabilities related to Openjdk in VMware SRM / Live Recovery Manager

book

Article ID: 397300

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

A third-party scan identifies the following Vulnerabilities related to Openjdk in VMware Site Recovery Manager or VMware Live Recovery Manager.

CVE-2024-20918    
CVE-2024-20919    
CVE-2024-20921    
CVE-2024-20926    
CVE-2024-20932    
CVE-2024-20945    
CVE-2024-20952    
CVE-2024-21011    
CVE-2024-21012    
CVE-2024-21068    
CVE-2024-21085    
CVE-2024-21094

Environment

VMware Live Site Recovery / Site Recovery Manager 9.x

 

Cause

This vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise OpenJDK. 

Resolution

Upgrade to VMware Live Site Recovery 9.0.2.1 version Download or above, as it has Openjdk version 21.0.3.437, which addresses these vulnerabilities.

Powered by Wolken Software