NOTIFIED: Rubrik Backup Service (RBS) Security Vulnerability – CDM 7.0.1, 7.0.1-p1, 7.0.1-p2, and 7.0.1-p3
The Security Response Team at Rubrik recently identified and addressed a critical vulnerability (CVE-2022-30984) in the Rubrik Backup Service (RBS) agent software for Linux and Unix protected by a CDM cluster or virtual instance running:
- CDM 7.0.1
- CDM 7.0.1-p1
- CDM 7.0.1-p2
- CDM 7.0.1-p3
What is the issue:
While Rubrik products cannot be directly exploited through this vulnerability, Linux and Unix-based protected resources and/or host systems in a customer’s environment are at risk if they have an affected version of the RBS agent installed.
Are you impacted:
Rubrik customers are impacted when/if they have Linux or Unix-based (including AIX, Solaris, HPUX) protected resources and/or host systems in their environment with the RBS agent installed, AND those protected resources and/or host systems are protected by a CDM cluster or virtual instance running the above listed CDM.
How to fix this issue:
Rubrik recommends customers upgrade to CDM 7.0.2-p2 (or later) immediately.
Customers who do not have the RBS Linux agent installed on protected resources and/or host systems should still upgrade to CDM 7.0.2-p2. Running CDM 7.0.2-p2 (or later) prevents the possibility of an affected version being deployed in the future.
Rubrik asks customers to perform the CDM upgrade from Polaris or the CLI. If you or your team require assistance in this, please contact your CDI account manager, fill out this form, or contact Rubrik support directly via email or support portal.
- Polaris: From Polaris, in the upper-right corner, click the gear icon and then select CDM upgrades
- CLI: If Polaris GPS is not used to manage CDM clusters, please upgrade via CLI