This question was originally posted on DCIM Support by Garry Priestland on 2018-09-06
One of our customers has run a security scan over DCO v7.4.5 and it has highlighted this vulnerability.
https://www.tenable.com/plugins/nessus/109321
https://access.redhat.com/security/cve/cve-2017-12149
I can't find any reference to this in any version of DCO.
My initial advice would be to upgrade, assuming they are entitled to it, but I can't tell if the latest version of DCO will also have the same vulnerability. Can you please advise if DCO 8.5.0 has this issue or not?
Regards
(CID:134028281)
This comment was originally posted on DCIM Support by Greg Sterling on 2018-09-06
Hello Garry. I'm hoping a representative from engineering will confirm my below statement.
DCO 7.4.5 is a very old revision of DCO. The DCO 7.x versions ran on a Debian Linux platform and used an older JBoss platform which may have shown the vulnerability based on its description.
Current released version of DCO is version 8.2.7. This version is based on CentOS 7, and uses the Wildfly version of JBoss, which is a much newer platform than the JBoss 5.x mentioned in the CVE. Based on what I read in the CVE description, I do not believe it's applicable to the Wildfly releases we include with current DCO releases.
Regards
Greg Sterling
(CID:134028300)