Environment
Micro Focus Open Enterprise Server 2 (OES 2) Linux
Micro Focus Open Enterprise Server 11 (OES 11) Linux
Micro Focus Open Enterprise Server 2015 (OES 2015) Linux
Micro Focus Open Enterprise Server 11 (OES 11) Linux
Micro Focus Open Enterprise Server 2015 (OES 2015) Linux
Situation
The "Illinois Department of Innovation & Technology, Division of Information Security", has reported a directory traversal vulnerability issue in Remote Manager (NRM) that affects all versions of Open Enterprise Server.
This vulnerability has been given the following identifier : CVE-2017-5182.
This vulnerability has been given the following identifier : CVE-2017-5182.
Resolution
The reported problem has been fixed with an update to Remote Manager.
- For current versions of OES (being: OES11 SP2, OES11 SP3, OES2015 & OES2015 SP1, the "January 2017 Hot Patch for NRM" is now available in the respective update repositories.
- For OES2 SP3 customers, "January 2017 OES2 SP3 Hot Patch for NRM" has been made available as separate download here.
- For other older unsupported versions of OES, a patch is not available.
- For current versions of OES (being: OES11 SP2, OES11 SP3, OES2015 & OES2015 SP1, the "January 2017 Hot Patch for NRM" is now available in the respective update repositories.
- For OES2 SP3 customers, "January 2017 OES2 SP3 Hot Patch for NRM" has been made available as separate download here.
- For other older unsupported versions of OES, a patch is not available.