Wed, 2023-05-31 03:00
Hello everyone,
Someone knows if there is a patch, procedure or update through which the following vulnerabilities can be resolved in ARIS Design Server:
- Elasticsearch Groovy Script RCE: The remote web server hosts a Java application that is affected by a remote code execution vulnerability.
- Elasticsearch Transport Protocol Unspecified Remote Code Execution: Elasticsearch contains an unspecified flaw related to the transport protocol that may allow a remote attacker to execute arbitrary code.
Thank you very much in advance.
Dear Jorge,
I think you'd better address your questions to Global Support ARIS via Empower.
We are always trying to keep third party libraries up-to-date in ARIS. So if there is a certain concern, please check with us how to cope with it.
But in general, there's NOT a supported option to change any library inside an ARIS installation manually without our consent. In worst case a replaced library could lead to data consistency issues or even failing ARIS to work properly.
Cheers
Rune
Dear Rune,
I will request help from Global Support ARIS via Empower.
Thank you very much.
Regards.
Atte. Jorge Reyna R.