Problem
The 8.0.2.550 VRTSsfmcs package was flagged for a number of Java vulnerabilities (CVE-2025-21587, CVE-2025-30691, CVE-2025-30698).
Error Message
There was no explicit error message generated by the system. However, a third-party security scanner detected the vulnerabilities and flagged for further investigation.
Cause
The root cause of the vulnerability issue relates to the version of Java being used by the Veritas Operations Manager (VIOM) product. The version in use was 11.0.26.4.1, which is known to have security vulnerabilities that could potentially be exploited.
Solution
There are currently no plans to address this issue through a patch or hotfix in the current or previous versions of the software. However, it is scheduled to be resolved in the next major product revision. Please note that the product engineering team reserves the right to remove any fix from the targeted release if it does not pass quality assurance tests. Our plans are subject to change, and any actions you take based on this information, or your reliance on it, are at your own risk
To address the vulnerability, the VIOM package will be updated to include version 11.0.27.6.1 in the forthcoming patch 9.0.0.100, due at the end of May.
This article will be updated as and when the fix is released.
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.