Security vulnerabilities contained in Omi's RTSM db are not covered bu uCDMB patches

  • KM03297754
  • 06-Dec-2018
  • 06-Dec-2018

Summary

based on security bulletin https://mysupport.microfocus.com/group/softwaresupport/search-result/-/facetsearch/document/KM03142205

Question

As per the security bulletin:
 
https://mysupport.microfocus.com/group/softwaresupport/search-result/-/facetsearch/document/KM03142205
 
Affected Versions:
 
Universal CMDB Server DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0, CMS Server 2018.05
 
(https://mysupport.microfocus.com/document/-/facetsearch/document/KM03180069) for updates pertaining to this vulnerability.
 
Following are links for downloading patches to fix the vulnerabilities:
 KM03180069 (https://mysupport.microfocus.com/document/-/facetsearch/document/KM03180069)
 
This security bulletin is applicable for the stand UCMDb server. It it not for Omi RTSM version.
 
The problem is that the patch is for UCMDB and currently there is no patch for OMi RTSM version.
 

Answer

 
 
This vulnerability was fixed in  uCDMB version 10.33 CUP2 and 11.1.72. 
 
Currently there is no Omi version with embedded RTSM 10.33  version that contains the fix. 
 
Omi versions 10.70 (2018.05) and later contain the fix (from the 105 build from OMi  10.70)
 
There is no Omi/RTSM hotfix for this problem.
 
The only solution for this issue is to the upgrade to OMi 10.70.
 
 
 
extra info:
 
corresponding uCDMB versions for the Omi/RTSM versions:
 
Omi 10.60 has uCMDB version 10.30 build=308
Omi 10.62 has uCDMB version 10.33 build=123
Omi 10.63 has uCDMB version 10.33 build=811
Omi 10.70 has uCDMB version=11.1 build=105