Depending on the security auditing products used and the level of granularity at which "risks" are logged, some NetBackup products which include a web interface may be generate version-based alerts during regular security audits.
Affected products include:
- NetBackup Operations Manager (NOM) 6.x
- Vertias Backup Reporter (VBR) 6.x
- OpsCenter (includes OpsCenter Analytics) 7.0 and 7.0.1
It is important to note that these products as installed/configured are not considered "vulnerable" and no known exploits of these products exist, nor are known to have been reported at the time of this writing.
OpsCenter will contain updated web components in an upcoming release and Symantec has released an EEB package as an interim update (see workaround) for those customers who wish to apply it. A formal resolution to this issue is expected in the following release:
- NetBackup OpsCenter 7.1, expected to be released in the first quarter of 2011
There are no further plans for release updates to both NOM and VBR. Users of those products are encouraged to upgrade to OpsCenter and OpsCenter Analytics 7.x.
For OpsCenter 7.0 and 7.0.1, an EEB package is available which will update web components. Please contact Symantec technical support, referencing this document ID and Etrack 2109526 to obtain this package.