Storage Boards Cleanup
To make it easier to find information about HPE Storage products and solutions, we are doing spring cleaning. This includes consolidation of some older boards, and a simpler structure that more accurately reflects how people use HPE Storage.
Automated Backup
Showing results for 
Search instead for 
Did you mean: 

Data Protector Express - AiO Hot Fix for CVE-2009-0714 ?

Data Protector Express - AiO Hot Fix for CVE-2009-0714 ?

Data Protector Express 4.0 sp1 build 43064 which is included in the most recent AiO software update for the ASM 3.8 appears to have a Security Vulnerability

Technical knowledge base - document
- Document ID: c01697543
- Release Date: 2009-05-13

References: CVE-2009-0714

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Express 3.x and HP Data Protector Express SSE 3.x prior to build 47065
HP Data Protector Express 4.x and HP Data Protector Express SSE 4.x prior to build 46537

HP has made a 'HotFix' available for the generic product as a Patch here:

HP Data Protector Express Software
- Download drivers and software
-- Patch
--- HP StorageWorks Data Protector Express "Hot Fix" (Build 46537) for version 4.0 SP1

Q. Is this something that should be applied "outside" of updating the ASM or waiting for an "official" HP update for the AiO software?

Q. Will the ASM software still be able to communicate with the DPX software if this update is applied?