Symptoms
A scanning tool reported high-severity vulnerabilities on the vSphere Replication appliance 8.3.1.2 for the following Python versions:

Python 2.7.8   python231   3992718   CVE-2020-8492
Python 3.3.6   python231   4487898   CVE-2016-5636
Python 3.3.6   python231   4487898   CVE-2018-1000117
Python 3.3.6   python231   4487898   CVE-2019-13404
Python 3.3.6   python231   4487898   CVE-2020-27619
Python 3.4.5   python231   6406850   CVE-2018-1000117
Python 3.4.5   python231   6406850   CVE-2019-13404
Python 3.4.5   python231   6406850   CVE-2020-27619
Resolution
vSphere Replication 8.4 contains the fixes for the vulnerabilities reported against VR 8.3.1.2.

After deploying the HMS appliance, you can verify the installed packages by running:
# rpm -qa
CVE                Fixed?        Resolved Version
-------------------------------------------------------------------
CVE-2020-8492      fixed         2.7.17-4.ph3
CVE-2016-5636      fixed         2.7.12
CVE-2018-1000117   notAffected
CVE-2019-13404     notAffected   This CVE is for Windows and does not affect Linux. Also this is in a disputed state. Hence, marking this as not a bug.
CVE-2020-27619     fixed         3.7.5-8.ph3
CVE-2018-1000117   notAffected
CVE-2019-13404     notAffected   This CVE is for Windows and does not affect Linux. Also this is in a disputed state. Hence, marking this as not a bug.
CVE-2020-27619     fixed         3.7.5-8.ph3
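
One way to compare the rpm -qa output with the resolved versions in the table above, as an added example that is not part of the original article. The package names python2 and python3, the name-version-release.arch line format, and the use of GNU sort -V in place of rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Added example (not VMware code). Highest "Resolved Version" per Python line,
# taken from the table in this article.
FIXED_PY2="2.7.17-4.ph3"
FIXED_PY3="3.7.5-8.ph3"

# ver_ge A B: succeeds when A >= B under GNU `sort -V` ordering
# (assumption: a close enough stand-in for rpm's version comparison).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_python_rpms: reads `rpm -qa` lines on stdin, prints one verdict per
# python2/python3 package, returns 1 if any is older than the fixed build.
# Assumption: packages are named python2 / python3 and lines end in ".arch".
check_python_rpms() {
    rc=0
    while IFS= read -r pkg; do
        case "$pkg" in
            python2-[0-9]*) want=$FIXED_PY2 ;;
            python3-[0-9]*) want=$FIXED_PY3 ;;
            *) continue ;;            # python3-libs and other packages are skipped
        esac
        have=${pkg#python?-}          # drop the package name
        have=${have%.*}               # drop the trailing .arch
        if ver_ge "$have" "$want"; then
            echo "OK   $pkg (>= $want)"
        else
            echo "OLD  $pkg (< $want)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample lines, not captured from a real appliance.
sample_rpm_qa() {
    printf '%s\n' \
        'python2-2.7.8-1.ph3.x86_64' \
        'python3-3.7.5-8.ph3.x86_64' \
        'python3-libs-3.7.5-8.ph3.x86_64'
}

# On the appliance: rpm -qa | check_python_rpms
sample_rpm_qa | check_python_rpms || echo "at least one Python package predates the fixed build"
```
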