CVE-2023-36665 is detected on the BlueXP Connector when using BlueXP Backup and Recovery
Environment
- BlueXP
- Connector VM
- BlueXP backup and recovery (also known as Cloud Backup Service)
Issue
- When BlueXP Backup & Recovery is used, the following vulnerability is detected on the BlueXP Connector VM:
CVE-2023-36665
The library protobufjs version 7.2.4 was detected in NPM library manager located at /opt/netapp/cbs/server/node_modules/protobufjs/package.json and is vulnerable to CVE-2023-36665, which exists in versions >= 7.0.0, < 7.2.5.
The vulnerability was found in the Github Security Advisory with vendor severity: Critical (NVD severity: Critical).
This vulnerability has a known exploit available. Source: Code Intelligence.
The vulnerability can be remediated by updating the library to version 7.2.5 or higher, using npm update protobufjs
- The BlueXP Connector VM is running on RHEL 7.x OS