Outstanding Contributor.. csaunderson Outstanding Contributor..
Outstanding Contributor..
207 views

OO 10 Remote Code Execution vulnerability - remediation?

Received notification of CVE-2016-8519 for Remote Code Execution vulnerability in OO 10.


Remediation was recommended by installing OO 10.70 Community Edition. Is this appropriate for Enterprise Editions?

 

--Chris

Labels (1)
0 Likes
1 Reply
Micro Focus Expert
Micro Focus Expert

Re: OO 10 Remote Code Execution vulnerability - remediation?

Hello Chris,

  • The vulnerability was found on OO Community Edition version.
  • The vulnerability also affects Enterprise versions of OO.
  • The versions affected are all 10.x releases.
  • The vulnerability can be exploited only if authentication is disabled in OO.

The solution to this problem is to upgrade to 10.70.

Please ensure that authentication is enabled in your OO environment.

Thank you.

Carlos Rojas
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the STAR at the bottom left of the post and show your appreciation.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.