2 Replies Latest reply on Apr 25, 2021 11:57 PM by Karthick M

    Vulnerabilities fix

    Nursyarafinax Abdul Aziz New Member

      Hi Team,

       

      Can the below Vulnerabilities be fixed upon the Informatica PowerCenter upgrade to 10.4 from version 9.6.1?

       

      Please find the Vulnerabilities attachment.

       

      Thanks & Regards,

      Sarala.

        • 1. Re: Vulnerabilities fix
          Nico Heinze Guru

          Just search the Informatica Network for the vulnerability numbers, you should be able to find them (if they have been resolved).

          Also please consult the Release Guide and Release Note files for version 10.1.1 and 10.4.1 (you will need an intermediate upgrade to 10.1.1 before upgrading to 10.4.1 anyway), there these security vulnerabilities should be listed as well IF they have been taken care of (which probably is the case).

           

          And if both ways don't help, please open a support ticket with Informatica Global Customer Support.

           

          Regards,

          Nico

          • 2. Re: Vulnerabilities fix
            Karthick M New Member

            CVE-2020-9484:

             

            Informatica is not vulnerable to CVE-2020-9484.

            Reference: https://knowledge.informatica.com/s/article/625748?language=en_US

             

             

            HSTS Missing From HTTPS Server (RFC 6797)

             

            Even though PowerCenter is not HSTS compliant, there are no vulnerability risks it poses as long as web applications run in a secure mode (HTTPS).

             

            Note

            Although PowerCenter is flexible with both HTTP and HTTPS endpoints for web applications, it is recommended to enable secure (HTTPS) to address any vulnerability concerns.

            Additionally, HSTS has been addressed in 10.4.1.2 and the same will be merged in PowerCenter 10.5.0.

            Reference: https://knowledge.informatica.com/s/article/515658

             

            For the rest of the vulnerabilities, I would request you to open a ticket with Informatica GCS.

             

            Regards,

            Karthick