Security vulnerability CVE-2024-22243 detected on NetWorker server
Summary: Security vulnerability CVE-2024-22243 was detected on the NetWorker servers on version 19.8.0.2.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Security vulnerability CVE-2024-22243 was detected on the NetWorker servers on version 19.8.0.2.
The affected NetWorker files are spring-core jars in these locations:
/nsr/authc/webapps/flr/WEB-INF/lib/spring-core-5.3.19.jar
/nsr/authc/webapps/nwrestapi/WEB-INF/lib/spring-core-5.3.19.jar
/nsr/authc/webapps/vcui/WEB-INF/lib/spring-core-5.3.19.jar
Cause
Known issue
The vulnerability impacts NetWorker.
Resolution
- NetWorker will upgrade the affected components as part of the Java Development Kit (JDK) version 17 implementation.
- The affected components that will be upgraded are as follows:
Spring Framework [CVE-2016-1000027, *CVE-2024-22243 (BDSA-2024-0402)]*
Apache Tomcat (BDSA-2024-0396)
Logback (CVE-2023-6481(BDSA-2023-3341), CVE-2023-6378(BDSA-2023-3307)]
Additional Information
JDK version 17 is planned for a Q4 2025 NetWorker release.
Article Properties
Article Number: 000223866
Article Type: Solution
Last Modified: 01 May 2024
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.