-
1. Re: How to address security vulnerabilities
Sarthak Soumyaprakash Biswal Aug 17, 2020 6:02 AM (in response to Sreekar B)Hi Sreekar,
We need to investigate on this Vulnerability through a technical case but unfortunately PC 9.5.1HF2 is already EOL. Please refer the below doc:
https://network.informatica.com/docs/DOC-16182
I would suggest for upgrade to higher PC 10.4.x version and get your environment scanned by security team again,If Vulnerability is fixed in higher version then we are good else we can continue assisting through a technical case.
Thanks,
Sarthak
-
2. Re: How to address security vulnerabilities
Rajan Rath Aug 24, 2020 8:14 AM (in response to Sarthak Soumyaprakash Biswal)Indeed yes. The tomcat version used in v9.5.1 is pretty old and might be vulnerable.
The suggestion would be to upgrade to a higher version and re-scan for vulnerabilities.
-
3. Re: How to address security vulnerabilities
Sachin Kumar Aug 24, 2020 8:49 PM (in response to Sreekar B)Upgrade required. 9.5.1 is pretty old version and it uses old tomcat version for which no fix available.
-
4. Re: How to address security vulnerabilities
user101600 Aug 25, 2020 9:58 AM (in response to Sreekar B)For your reference here is a list of tomcat version that Informatica uses.
PC Version Tomcat Version
10.4 releases
10.4.1 Tomcat 7.0.103.0
10.4.0 Tomcat 7.0.96.0
9.51 releases
9.5.1 HF4 Tomcat 7.0.50
9.5.1 HF3 Tomcat 7.0.42
9.5.1 HF2 Tomcat 7.0.35
If you are concerned about vulnerabilities that came out between tomcat 7.0.35 and tomcat 7.0.103.0 then you would need to upgrade PC to the latest release level.
-
5. Re: How to address security vulnerabilities
user101600 Aug 25, 2020 12:15 PM (in response to Sreekar B)Also, please be aware that Informatica 9.x has reached its end of life and its not supported without the extended support options.