Vulnerabilities in ARIS Design Server

Jorge Reyna R. on April 4, 2018

Hello everyone,

Someone knows if there is a patch, procedure or update through which the following vulnerabilities can be resolved in ARIS Design Server:

Elasticsearch Groovy Script RCE: The remote web server hosts a Java application that is affected by a remote code execution vulnerability.
Elasticsearch Transport Protocol Unspecified Remote Code Execution: Elasticsearch contains an unspecified flaw related to the transport protocol that may allow a remote attacker to execute arbitrary code.

Thank you very much in advance.

2 Replies

Runé Becker on April 4, 2018

Dear Jorge,

I think you'd better address your questions to Global Support ARIS via Empower.

We are always trying to keep third party libraries up-to-date in ARIS. So if there is a certain concern, please check with us how to cope with it.

But in general, there's NOT a supported option to change any library inside an ARIS installation manually without our consent. In worst case a replaced library could lead to data consistency issues or even failing ARIS to work properly.

Cheers

Rune

Like

Sign in
or register to reply.

Notify Moderator
Jorge Reyna R. on April 4, 2018

Dear Rune,

I will request help from Global Support ARIS via Empower.

Thank you very much.

Regards.

Atte. Jorge Reyna R.

Like

Sign in
or register to reply.

Notify Moderator