Skip to main content

.NET Security Vulnerability reported in older versions of Mobile Edge

Reid Gilbert
Superhero (Employee)
Forum|alt.badge.img+15

A security vulnerability has been reported on older versions of .NET (6.0.20 and lower), details on that are as follows:

The vulnerability involves Microsoft's .NET, which are frequent attack vectors for malicious cyber actors. The nature of the exploit in this attack is unclear, but Windows has acknowledged the existence of a proof-of-concept (PoC) about this vulnerability.  Exploiting this vulnerability allows malicious attackers to perform denial-of-service attacks on the system.

If you are running the Mobile Edge application on version 15.4.9.0 or lower then your environment is not running on .NET 6.0.21 which contains the fix for this vulnerability.  Versions 15.4.10.0 and higher of Mobile Edge include the support for .NET 6.0.21 and will automatically upgrade the environment as part of the installation process so if you are not running on V15.4.10.0 or higher at this time please reach out to the Support Department or your Project Manager to escalate the upgrade effort.
Thanks,
Reid

    4 replies

    Phil Seifert
    Ultimate Hero (Employee)
    Forum|alt.badge.img+24
    • Phil Seifert
    • Ultimate Hero (Employee)
    • 1336 replies
    • February 7, 2024

    Also to point out… the Alliance Enterprise SU6 comes with the Mobile Edge 15.4.10.0 upgrade package.

    Further, if you do have an earlier version and have an IFS customized version of Mobile Edge specifically for your company (e.g.  15.4.9.0  1 ) please contact IFS to arrange the customizations are also available for 15.4.10.0 or higher.

     

    Please mark any comments which answered your question as Best Answer so the topic is easier recognised as answered and closed.
    M
    1 person likes this
    • M
      Mark Segal
    Reid Gilbert
    Superhero (Employee)
    Forum|alt.badge.img+15
    • Reid Gilbert
    • Author
    • Superhero (Employee)
    • 343 replies
    • February 7, 2024

    Good point...we should also mention that Alliance Enterprise SU7 included the standard Mobile Edge V15.4.11.0 Maintenance Release (this is the latest release version).

    Phil Seifert
    M
    2 people like this
    • Phil Seifert
      Phil Seifert
    • M
      Mark Segal
    M
    Do Gooder (Customer)
    Forum|alt.badge.img+2

    Hi Reid & Phil 

    thank you for the post. However, I recently created an incident on your support platform about .NET 6.0.21. We have already installed Mobile edge 15.4.10 which provided .NET 6.0.21 as you mentionned. 

    However our Group Security team raised a critical security alert about .NET 6.0.21 ( CVE-2023-44487).

    I was expecting Mobile Edge 15.4.11 to fix the topic.

    Can you investigate with your teams and provide us with a plan to deliver a newest version of .net

    Regards`

    M
    L
    2 people like this
    • M
      Mark Segal
    • L
      Laurence DEBRIE
    Reid Gilbert
    Superhero (Employee)
    Forum|alt.badge.img+15
    • Reid Gilbert
    • Author
    • Superhero (Employee)
    • 343 replies
    • February 7, 2024

    Hi Michel,
    There are two tickets open with the R&D team at this time (one for the newtownsoft.json.dll file and one for the .NET 6.0.21 version).  We will let you know once they’ve completed their analysis.
    Thanks,
    Reid

    M
    Jacques Cormier
    2 people like this
    • M
      Michel_Guillou
    • Jacques Cormier
      Jacques Cormier

    Reply


    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings