A security vulnerability has been reported on older versions of .NET (6.0.20 and lower), details on that are as follows:
The vulnerability involves Microsoft's .NET, which are frequent attack vectors for malicious cyber actors. The nature of the exploit in this attack is unclear, but Windows has acknowledged the existence of a proof-of-concept (PoC) about this vulnerability. Exploiting this vulnerability allows malicious attackers to perform denial-of-service attacks on the system.
If you are running the Mobile Edge application on version 15.4.9.0 or lower then your environment is not running on .NET 6.0.21 which contains the fix for this vulnerability. Versions 15.4.10.0 and higher of Mobile Edge include the support for .NET 6.0.21 and will automatically upgrade the environment as part of the installation process so if you are not running on V15.4.10.0 or higher at this time please reach out to the Support Department or your Project Manager to escalate the upgrade effort.
Thanks,
Reid
.NET Security Vulnerability reported in older versions of Mobile Edge
+15
+21
Also to point out… the Alliance Enterprise SU6 comes with the Mobile Edge 15.4.10.0 upgrade package.
Further, if you do have an earlier version and have an IFS customized version of Mobile Edge specifically for your company (e.g. 15.4.9.0 1 ) please contact IFS to arrange the customizations are also available for 15.4.10.0 or higher.
+15
Good point...we should also mention that Alliance Enterprise SU7 included the standard Mobile Edge V15.4.11.0 Maintenance Release (this is the latest release version).
+2
Hi Reid & Phil
thank you for the post. However, I recently created an incident on your support platform about .NET 6.0.21. We have already installed Mobile edge 15.4.10 which provided .NET 6.0.21 as you mentionned.
However our Group Security team raised a critical security alert about .NET 6.0.21 ( CVE-2023-44487).
I was expecting Mobile Edge 15.4.11 to fix the topic.
Can you investigate with your teams and provide us with a plan to deliver a newest version of .net
Regards`
+15
Hi Michel,
There are two tickets open with the R&D team at this time (one for the newtownsoft.json.dll file and one for the .NET 6.0.21 version). We will let you know once they’ve completed their analysis.
Thanks,
Reid
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.