Our cell manager is on a windows 2008 R2 server. The version of software is A.09.00 and the patch levels are
Patch level Patch description
===========================================
DPWIN_00714(BDL902) Core Component
DPWIN_00714(BDL902) Core of Integrations component
DPWIN_00713(BDL902) Cell Manager Component
DPWIN_00716(BDL902) Disk Agent
DPWIN_00717(BDL902) General Media Agent
DPWIN_00715(BDL902) User Interface
DPWIN_00715(BDL902) Manager-of-Managers User Interface
DPWIN_00766(BDL902) MS Volume Shadow Copy Integration
DPWIN_00719(BDL902) Virtual Environment Integration
DPWIN_00759(BDL902) Automatic Disaster Recovery
DPWIN_00762(BDL902) StoreOnce Software Deduplication
DPWIN_00718(BDL902) English Documentation (Guides, Help)
DPWIN_00714(BDL902) Core Technology Stack
DPWIN_00713(BDL902) Cell Server Technology Stack
DPWIN_00713(BDL902) Application Server Technology Stack
DPWIN_00713(BDL902) Web Services
DPWIN_00713(BDL902) Java Runtime Environment Technology Stack
DPWIN_00713(BDL902) Job Control Engine Service Dispatcher
DPWIN_00713(BDL902) Job Control Engine Service Registry
I do see forum threads talking about this vulnerability for previous versions of DP. The link below doesnt not mention "version 9.x on windows server" as impacted version. But Nessus was able to run "ipconfig" by exploiting this vulnerability.
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04373818
The resolution mentioned in the link is not detailed.
Apparently, you have to use omnicc -encryption -enable hostname1.company.com along with -cert -key and -trust parameters.
In one of the examples it shows "hpdpcert.pem" being used. Will default work? Is this going to impact any jobs and backup data that's currently out there. AND is there an easier fix/patch for this?
Thank you.
