Upgrade tomcat instance
Netbackup 10.4 has a vulnerable version of tomcat running.
I need to patch it (or throw the webserver in the trash since we don't use it anyway, but that doesn't seem possible).
I tried downloading the latest version of tomcat 9.0.88 and extracting and putting the files in /usr/openv/wmc/webserver, netbackup starts. I am able to query and see tomcat version 9.0.88 is in place but the vulnerability tool still shows 9.0.85 as the version installed. I am wondering if there is a documented way to upgrade the tomcat server?
I have found several VOX articles about it, but none really new and I'm not sure netbackup supports those methods.
/usr/openv/java/jre/bin/java -cp /usr/openv/wmc/webserver/lib/catalina.jar org.apache.catalina.util.ServerInfo
Server version: Apache Tomcat/9.0.88
Server built: Apr 9 2024 13:22:30 UTC
Server number: 9.0.88.0
OS Name: Linux
OS Version: 4.18.0-513.24.1.el8_9.x86_64
I recently checked and there are EEBs available for various NetBackup versions to address the Tomcat vulnerabilities covered by those two CVEs.
ET 4158486 NetBackup 10.4
ET 4158024 NetBackup 10.3.0.1
ET 4157810 NetBackup 10.2.0.1
ET 4157630 NetBackup 10.1.1.
ET 4157838 NetBackup 10.0.0.1
I included information for earlier NetBackup versions which may help others. Log a support case and request the fix (via the ET number) for the relevant NetBackup version.
Cheers
David