Operational Defect Database
BugZero updated this defect 41 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
VMware | 91409
Smarts SAM: RabbitMQ reported vulnerable to CVE-2019-11291, CVE-2019-11281 and CVE-2019-11287
Last update date:
4/8/2024
Affected products:
Smart Assurance - SMARTS
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Details
SAM-10.1.9.0 Pivotal RabbitMQ security issueSmarts 10.1.9.0 deploys Pivotal RabbitMQ, The installed version is 3.7.3 Our company uses the TENABLE product. It is reporting 3 distinct problemsTEN-144629 says the fixed version is 3.7.18TEN-144628 says the fixed version is 3.7.20TEN-144632 says the fixed version is 3.7.21 TEN-144628 -- CVE-2019-11291TEN-144629 -- CVE-2019-11281TEN-144632 -- CVE-2019-11287
Solution
Currently the Smarts RabbitMQ is an edited version specifically for the Smarts RabbitMQ / EDAA and Elasticsearch functions of Smarts for use with Watch4net VMware will update the RabbitMQ in a future version. Customers will not be able to upgrade RabbitMQ within Smarts SAM installations.
