
There is a vulnerability issue in the Versant Database (Version 7.0.1.3) which allows unauthorized access to the CaliberRM Server via the versant_d service


Problem:

A vulnerability in the Versant Database (version 7.0.1.3) allows unauthorized access to the CaliberRM Server via the versant_d service.

Resolution:

Early versions of Versant 7 contained a security vulnerability that, if exploited, could allow malicious individuals unauthorized access to the CaliberRM Server via the versant_d service. Versant fixed this vulnerability, and the patch is installed in later versions of CaliberRM (2008 and beyond). Users running any version of CaliberRM before 2008 can take one of the following steps to minimize or eliminate the threat to their CaliberRM Server:

  • Upgrade to CaliberRM 2008 SP1. CaliberRM 2008 SP1 runs Versant 7.0.4.9, which is the latest version of the Versant Database and has the most recent patch installed.

  • Block access to port 5109 on the CaliberRM Server. All of the Versant clients used in the CaliberRM application run from within the CaliberRM Server executable (caliber_srv.exe). If your database is running on the same server as your CaliberRM Server, there is no need to expose the versant_d service to the network. Blocking port 5109 with your firewall software or router eliminates this security risk, and the CaliberRM Server will function properly with the port blocked. With the port blocked, the only way an attacker could exploit this vulnerability is by being logged in to the server itself.

  • Because this vulnerability exploits the versant_d process running as an Administrator on the CaliberRM Server, you can reinstall CaliberRM as a non-administrative user. This requires you to back up your database, uninstall CaliberRM, reinstall CaliberRM, and restore your database.
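The following PowerShell sketch is an added example, not part of the original article or of CaliberRM. It covers the second and third options above: it shows what is listening on port 5109 and under which account, then blocks inbound access to the port with Windows Firewall. It assumes Windows Server 2012 or later, an elevated prompt, and Windows Firewall as the firewall in use; the rule names are made up for this example, and because the article does not state the protocol, both TCP and UDP are blocked.

```powershell
# Added example: audit and block the versant_d port on the CaliberRM Server.
$Port = 5109   # port named in the article

# 1. Report each listener on the port, its process, and the account it runs as.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc  = Get-CimInstance Win32_Process -Filter "ProcessId = $($l.OwningProcess)"
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
    [pscustomobject]@{
        LocalAddress  = $l.LocalAddress
        Process       = $proc.Name
        Account       = "$($owner.Domain)\$($owner.User)"
        # A listener bound only to loopback is not reachable from the network.
        NetworkFacing = $l.LocalAddress -notin '127.0.0.1', '::1'
    }
}

# 2. A block rule only helps if the firewall profiles are actually enabled.
Get-NetFirewallProfile | Select-Object Name, Enabled

# 3. Create the inbound block rules (idempotent: skipped if already present).
foreach ($proto in 'TCP', 'UDP') {
    $name = "Block versant_d $proto $Port inbound"   # hypothetical rule name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound `
            -Protocol $proto -LocalPort $Port -Action Block -Profile Any | Out-Null
    }
}

# 4. Confirm the rules exist, are enabled, and are set to Block.
Get-NetFirewallRule -DisplayName "Block versant_d *" |
    Select-Object DisplayName, Enabled, Direction, Action
```

To confirm the result from another machine, `Test-NetConnection -ComputerName <server> -Port 5109` should report `TcpTestSucceeded : False`. If the Account column in step 1 shows an administrative account, the third option above still applies.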

Old KB# 30166

Version history: revision 1 of 1, last update 2013-02-15 20:43