OliverGl's Posts

I got an final reply: "CVE-2023-29017 is a vulnerability in vm2, which is an optional, third-party module for Node.js.  The BSG does not use vm2 in any way.  vm2 is not included in the BSG component... See more...
I got an final reply: "CVE-2023-29017 is a vulnerability in vm2, which is an optional, third-party module for Node.js.  The BSG does not use vm2 in any way.  vm2 is not included in the BSG component install on any platform. The BSG is not vulnerable to this CVE.  Based on this, we can conclude that Blast Secure Gateway is not susceptible to this vulnerability." Regards! Oliver
Hi @yukiafronia , after almost 2 weeks I got some more information in my SR: "Node.js is used by the Blast service on UAG." "I have gotten feedback from our engineering team that PcoIP Secure Gate... See more...
Hi @yukiafronia , after almost 2 weeks I got some more information in my SR: "Node.js is used by the Blast service on UAG." "I have gotten feedback from our engineering team that PcoIP Secure Gateway stand-alone can be used to work around the vulnerability while a full assessment of the vulnerability is being conducted." Regards! Oliver  
Are any components of Horizon UAG (2111.2) affected by CVE-2023-29017? Critical Vulnerability in vm2 JavaScript Sandbox Library: Exploit Code Available (socradar.io) NVD - CVE-2023-29017 (nist.gov)... See more...
Are any components of Horizon UAG (2111.2) affected by CVE-2023-29017? Critical Vulnerability in vm2 JavaScript Sandbox Library: Exploit Code Available (socradar.io) NVD - CVE-2023-29017 (nist.gov) root@UAG [ ~ ]# find / -name "node.js" /opt/vmware/gateway/lib/bsg/node_modules/express/node_modules/debug/node.js There are no information published on the advisory board yet: Advisories (vmware.com) Does anybody can provide more information, if UAG is safe? Thanks and Regards! Oliver