ServerView Content Collector/ ServerView Update DVD Base: Unauthorized access from third parties. July 14th, 2020
1. Description
A vulnerability has been identified that allows third parties to access and operate ServerView Content Collector and ServerView Update DVD Base from the Internet.
Fujitsu provides security patches shown in 3.
Please apply them as soon as possible.
2. Impact
Third parties may perform the following operations on the ServerView Content Collector and ServerView Update DVD Base:
- Download unexpected files
- Browse the directory structure of the products running environment
- Stop running products
3. Affected systems and corresponding action
3-1.Affected systems
PRIMERGY, CELSIUS, PRIMEQUEST
3-2.Affected products and required patch
Products | Version | Target OS | Package name | Patch ID |
---|---|---|---|---|
ServerView Content Collector | V3.00.03
V3.10.01 V3.20.02 | Windows 8 (64-bit)/ 10 (64-bit)
Windows Server 2012 R2 (64-bit)/ 2016 (64-bit)/ 2019 (64-bit) RHEL/ CentOS 6.7/ 6.9/ 7.3/ 7.4/ 7.5/ 7.6/ 7.7/ 7.8/ 8.0/ 8.1 SLES 11 SP4/ 12/ 12 SP3/ 12 SP4/ 12 SP5/ 15/ 15 SP1 | - | V3.30.01 |
ServerView Update DVD Base | V12.19.10.03
V12.20.01.01 V12.20.04.02 | Windows 8 (64-bit)/ 10 (64-bit)
Windows Server 2012 R2 (64-bit)/ 2016 (64-bit)/ 2019 (64-bit) RHEL/ CentOS 6.7/ 6.9/ 7.3/ 7.4/ 7.5/ 7.6/ 7.7/ 7.8/ 8.0/ 8.1 SLES 11 SP4/ 12/ 12 SP3/ 12 SP4/ 12 SP5/ 15/ 15 SP1 | - | V12.20.07.01 |
How to get the patches: Please download from "Product Support" site.
Note: Determining the affected product
ServerView Content Collector: Please refer to the "ThirdPartyLicenseReadme.txt" included with the product to determine the version.
ServerView Update DVD Base: Please refer to the "ReleaseNote.txt" included with the product to determine the version.
3-3. Workaround
None
4. Related information
None
5.Revision history
- Jul. 14th, 2020: Initial release