반품
-
제목
is quest UC analytics affected by CVE 2023 46604? -
설명
1. We have UC analytics 8.8.3 installed in our environment and we would like an answer from you if that is vulnerable against CVE-2023-46604 security risk. if not affected then it's ok but if it's not safe, do you guys have plan to release the update or not?
2. What about other security risk: CVE-2023-50164 ? -
해결 방안
1. In our analysis, we found that the above CVE is vulnerable to product Apache ActiveMQ and to its versions. Apache ActiveMQ affected from 5.18.0 before 5.18.3 affected from 5.17.0 before 5.17.6 affected from 5.16.0 before 5.16.7 affected from 0 before 5.15.16y In UCA we are not using this product directly or indirectly, so for UCA is not vulnerable against CVE-2023-46604.
2. In our analysis, we found that the above CVE is vulnerable to product Apache Struts and on its versions. cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* Show Matching CPE(s) From (including) 2.0.0 Up to (excluding) 2.5.33 cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* Show Matching CPE(s) From (including) 6.0.0 Up to (excluding) 6.3.0.2 In UCA, we are not using this product directly or indirectly. So UCA is not vulnerable against CVE 2023- 50164.