On the servers where we have installed ObserveIT, version 18.104.22.168, a vulnerability scan has come up with the following vulnerabilities:
CVE-2017-6168, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-12373, CVE-2017-13098, CVE-2017-1000385, CVE-2017-13099, CVE-2016-6883, CVE-2012-5081
Can you tell us if it is compatible with the product version that we currently have installed?
CA PIM 12.8 and 12.9
ObserveIT is not vulnerable to the OpenSSL bug (Heartbleed) because it does not use OpenSSL. The ObserveIT Application Server is based on Microsoft IIS, which uses only Microsoft technology, and hence it is not susceptible to the Heartbleed vulnerability.
Most of the reported issues are TLS 1.0 and 1.1 issues, caused by the use of .NET 3.5 in older ObserveIT versions, such as 22.214.171.124.
Since v7.4, ObserveIT uses .NET 4 and supports TLS v1.2.
We suggest upgrading to a newer version to resolve the vulnerabilities that come from the use of TLS 1.0 and 1.1.