Vertica MC and CVE-2014-3625 - Directory traversal vulnerability in Pivotal Spring Framework
Our client has started running credentialed, Acunetix web server vulerability/penetration scan processes. The Vertica MC was flagged for several vulnerabilities that were ranked "High"..
In working with support, we were able to show that the VMC in reality was not vulnerable to all but one of the CVE's indicated. The one persistent CVE was CVE-2014-3625.
The last exchange with suport on that item we received from product R&D was that the root VMC issue with CVE-2014-3625 would be addressed in the VMC component scheduled to be bundled with Vertica version 9.2, however no GA date was then available..
At this time our client is seriously considering shutting down existing VMC for the near term to avoid certain audit issues even if it means their developers and application DBA's might lose access to well used functionality (such as graphical explains plans, etc.)
Client has asked us to help them determine if there would any any 3rd part DBMS tool they might deploy a 3rd party solution which could provide some or most of the VMC enabled functionality being used by their developers and DBA's.
At present, two 3rd party tools being considered:
Is there any experience with either of these tools when used with Vertica we might tap into? Would there be any others in anyone's experience that might be worth considering to support the typical work needs of application developers and application DBA's?
At this point we are most interested in feedback around what each tool does or does not do well when used with Vertica...Many thanks in advance!