How to Avoid Impact of CVE-2018-15473
Viewed 200 times
Administrators are approaching Zerto asking if and how they are impacted by a recently raised security vulnerability, CVE-2018-15473.
The CVE describes the ability of a user to verify if a username exists or not on the server. For the VRA, although the CVE exists, poses a very minor risk if at all.
In addition, according to this article there is a patch which can be manually applied on the VRA (Zerto version 7.5 and later).
With that said, Zerto should be upgraded to 7.5 and the patch be applied to each VRA as found in the link above.
** Note: Re-install/VRA upgrades post-patch application will require the patch be applied again. **