Security Vulnerabilities
This section describes how to find information about potential security vulnerabilities in HPE Ezmeral Data Fabric software.
When HPE identifies a potential security vulnerability in the Data Fabric software, a notice is written and posted to the HPE Support Center.
Support notices often tell you how to resolve, work around, or mitigate the vulnerability.
Following are some recent notices (a Support Center login might be required to view the
notices):
- Impact of CVE-2022-22965, CVE-2022-22963, CVE-2022-22950 affecting Ezmeral Data Fabric components using Spring libraries
- CVE-2021-44228 and CVE-2021-45046 Apache Log4j2 security vulnerabilities
- Mitigating log4j 1.x vulnerabilities CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307
- CVE-2019-17638, CVE-2020-27218: Vulnerabilities in jetty-server
More notices are available on the HPE Support Center. To search for them, see Support Articles in the HPE Support Center. See also the HPE Security Bulletin Library.
To sign up for support alerts, see Get connected with updates from HPE.