David Pala

Does RSA AM 8.5 addresses Oracle WebLogic Server Multiple Vulnerabilities (CPUJUL2020)

Discussion created by David Pala on Nov 5, 2020
Latest reply on Nov 18, 2020 by David Pala

Hi Folks !

While trying to get the RSA AM 8.5 OVA deployed, I'm facing an issue with a vulnerability scan.

 

Below is what was found :

Oracle WebLogic Server Multiple Vulnerabilities (CPUJUL2020)

CVE-2020-9546, CVE-2018-11058, CVE-2020-14625, CVE-2020-14644, CVE-2020-14645,
CVE-2020-14687, CVE-2017-5645, CVE-2020-14588, CVE-2020-14639, CVE-2020-5398,
CVE-2020-14589, CVE-2020-2967, CVE-2020-14557, CVE-2020-14652, CVE-2020-14572,
CVE-2020-14636, CVE-2020-14637, CVE-2020-14638, CVE-2020-14640, CVE-2020-2966,
CVE-2020-14622

 

 

After reading many articles here, I was NOT able to conclude that the version is protected against this vulnerability (000039353 - How to display Web Logic version information in RSA Authentication Manager ver. 8.x ).

Moreover, the OVA won't be deployed unless a clear answer is provided to the Security Team.

 

Could someone give a hand for this ?

Thanks !

 

David

Outcomes