FireMon Asset Manager CVE Radar

CentOS Linux (the open, enterprise-class platform upon which Asset Manager solutions are built) and third-party packages such as Postgres and Oracle JRE are continuously monitored by industry and community groups to uncover flaws. Upgrade packages that fix these flaws (CVEs, Common Vulnerabilities and Exposures) are made available from CentOS and from the third parties (Postgres, Oracle JRE) on an ongoing basis.

This page lists the security fixes on our radar: the CVEs that Asset Manager is actively addressing and expects to have fully resolved in upcoming releases of Asset Manager Enterprise Edition.

| CVE Identifier | Highest Severity | Vulnerable Package | Date Reported | 3rd Party Patch Available? | Latest vulnerable FAM | Notes on vulnerability | Resolved FAM Version |
|---|---|---|---|---|---|---|---|
| FAM GA | critical | postgresql-42.2.2.jar (Asset Manager-api RPM) | 02/02/2022; 03/10/2022; 08/30/2018; 08/03/2022; 06/04/2020; 11/23/2022 | postgresql-42.6.0.jar | 4.9.0.2 | Various issues regarding PostgreSQL's official JDBC driver. | 4.10 |
| CVE-2023-38325 | high | cryptography-40.0.2-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (python_wmic RPM) | 07/14/2023 | awaiting patch | 4.9.0.2 | Mishandles SSH certificates that have critical options. | |
| CVE-2023-2828 | high | bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64; bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64; bind-utils-9.11.4-26.P2.el7_9.13.x86_64; bind-license-9.11.4-26.P2.el7_9.13.noarch; bind-libs-9.11.4-26.P2.el7_9.13.x86_64 | 06/21/2023 | awaiting patch | 4.9.0.2 | The effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. | |
| CVE-2023-30861 | high | Flask-2.0.3-py3-none-any.whl | 05/02/2023 | awaiting patch | 4.9.0.2 | A response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. | |
| CVE-2023-25577; CVE-2023-23934 | high | Werkzeug-2.0.3-py3-none-any.whl | 02/14/2023 | awaiting patch | 4.9.0.2 | Various Werkzeug issues. | |
| CVE-2019-19919; CVE-2021-23369; CVE-2021-23383; WS-2020-0450; WS-2019-0064; CVE-2019-20920; WS-2019-0103; CVE-2015-8861 | critical | handlebars-1.3.0.js (Asset Manager-api RPM) | 12/20/2019 | handlebars-v4.7.8.js | 4.9.0.2 | Various handlebars issues. | 4.10 |
| CVE-2023-37920; CVE-2022-23491 | critical | certifi-2021.10.8-py2.py3-none-any.whl | 07/25/2023 | certifi-2023.7.22-py3-none-any.whl | 4.9.0.2 | Various certifi issues. | 4.10 |