One of our client found the vulnerability on DCO DR version 8.2.7 which is mentioned as below:
|38142||SSL Server Allows Anonymous Authentication Vulnerability||4||Active||5432||General remote services||5.1||Disable support for anonymous authentication to mitigate this vulnerability.|
Tried upgrading the version to 8.3 but it failed. Even the fresh installation would need lots of approval from customer side which would take more month. right now, customer wanted to resolve this in quick. In the mean-time, do we have any solution to remediate this vulnerability for 8.2.7 other than fresh installation? any suggestions please?
CVE-2020-8220, A denial of service vulnerability exists in Pulse Connect Secure A command injection vulnerability in the `divert` module may lead to remote code A Command Injection vulnerability exists in the web-based GUI of the 1st Gen CVE-2018-11188, Quest DR Series Disk Backup software version before CVE-2020-9004, A remote authenticated authorization-bypass vulnerability in An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper in the current working directory, as demonstrated by a directory that contains a .doc, the "external general entities" property is false, which allows remote attackers to.
In regards to your post. The tools referenced by the CVE's in this post are not tools we typically include out of box with DCO 8.2.7. Were these tools added by your staff?
Discuss challenges in energy and automation with 30,000+ experts and peers.
Find answers in 10,000+ support articles to help solve your product and business challenges.
Find peer based solutions to your questions. Provide answers for fellow community members!