-
1. Re: How to address security vulnerabilities
Hi Sreekar,
We need to investigate on this Vulnerability through a technical case but unfortunately PC 9.5.1HF2 is already EOL. Please refer the below doc:
https://network.informatica.com/docs/DOC-16182
I would suggest for upgrade to higher PC 10.4.x version and get your environment scanned by security team again,If Vulnerability is fixed in higher version then we are good else we can continue assisting through a technical case.
Thanks,
Sarthak
-
2. Re: How to address security vulnerabilities
Indeed yes. The tomcat version used in v9.5.1 is pretty old and might be vulnerable.
The suggestion would be to upgrade to a higher version and re-scan for vulnerabilities.
-
3. Re: How to address security vulnerabilities
Upgrade required. 9.5.1 is pretty old version and it uses old tomcat version for which no fix available.
-
4. Re: How to address security vulnerabilities
For your reference here is a list of tomcat version that Informatica uses.
PC Version Tomcat Version
10.4 releases
10.4.1 Tomcat 7.0.103.0
10.4.0 Tomcat 7.0.96.0
9.51 releases
9.5.1 HF4 Tomcat 7.0.50
9.5.1 HF3 Tomcat 7.0.42
9.5.1 HF2 Tomcat 7.0.35
If you are concerned about vulnerabilities that came out between tomcat 7.0.35 and tomcat 7.0.103.0 then you would need to upgrade PC to the latest release level.
-
5. Re: How to address security vulnerabilities
Also, please be aware that Informatica 9.x has reached its end of life and its not supported without the extended support options.