Forum Discussion

Pix_R's avatar
Pix_R
Level 5
4 years ago

OpenSSL vulnerability <Security>

Can we claim Data Insight is not affected by these known issues?

 

  • CVE-2021-3449: Crash can be provoked when connecting to a vulnerable server.
  • CVE-2021-3450: Vulnerable client can be tricked into accepting a bogus TLS certificate.

 

What, if any, affect will these exploits have on DI?

 

thank you
Pix

DI
Security
SSL
TLS
  • Pix_R's avatar
    Pix_R
    3 years ago

    Case Issue:
    Security Vulnerabilities

    CVE-2021-3449: This does NOT affect DI
    CVE-2021-3450: This does NOT affect DI

    Status:
    Case was closed as these were the 2 vulnerabilities of concern and CFT/ENG have confirmed that neither impact Data Insight.

     

     

    FYI
    Pix

2 Replies

Sort By
  • divya25's avatar
    divya25
    Level 0
    4 years ago

    Hi,

    There may be a possibility that the DI product can be affected by the above CVE's. We need to analyze more and if you need further troubleshooting on this and want to know any updates, please reach out to veritas support.

    Thanks,

    Divya

    • Pix_R's avatar
      Pix_R
      Level 5
      3 years ago

      Case Issue:
      Security Vulnerabilities

      CVE-2021-3449: This does NOT affect DI
      CVE-2021-3450: This does NOT affect DI

      Status:
      Case was closed as these were the 2 vulnerabilities of concern and CFT/ENG have confirmed that neither impact Data Insight.

       

       

      FYI
      Pix