Currently being reported,
Does the vulnerability Ripple20 affect Zerto products?
Could you please confirm?
-Are there any Zerto products affected by this vulnerability?
・If there is any impact, please tell us about the following.
Workaround (if any)
Timing of providing corrections and countermeasures.
Contara from Zerto Support.
I searched in our Zerto database and internal Forum we don’t have information on vulnerability “Ripple20”.
Your question has been posted in the internal Zerto Forum. If I have more information from the Internal Zerto Forum I will reply back to the Support Q&A forum.
But we do have other vulnerabilities:
Meltdown and Spectre Vulnerability
ZERTO FIELD NOTICE FTN- 20190717: RESPONSE TO CVE-2019-11477 SECURITY VULNERABILITY
ZERTO FIELD NOTICE FTN- 20190718: ZERTO “FROM AWS” SECURITY VULNERABILITY AND PATCH NOTIFICATION
The latest respond from our internal Zerto Forum:
“Thank you for the question. I’m investigating this and will follow up with their assessment.”
When I have the answer or more information I will respond back to the posting.
By the way I got same thing one of our VRA Ripple20 so there is any update or fix ? or is it really efect us what we should do
The update that we got from our Internal forum was ” We use 3rd party software to regularly scan and monitor our code for vulnerabilities. I have confirmed with our Security Team that we do not use Treck, which is the vulnerability exploited in Ripple20″. Will share you more once I’ve more information on it. Thanks, Kal
Sorry for the late reply
Thank you for your reply.
We will check the contents and inform the customer.
I will let you know if I have any questions.