BASE-1045: Critical CVE-2016-3088 activemq-protobuf 1.1 - False Positive
Summary | Security Scanners report CVE-2016-3088 in Base Module 6.1* and Email Collector 6.1.* |
---|---|
Advisory Release Date | 10.05.2022 |
Products | eptos Base Module (All Components) eptos Email Collector |
Affected Releases | eptos 6.1.* |
Fixed Releases | N/A false positive |
CVE ID | CVE-2016-3088 |
Issue ID | BASE-1045 |
Further information |
|
Summary of Vulnerability
Some securtity scanners like anchor and grype report CVE-2016-3088 as critical.
The report is false positve - since the security scanners assume from the name of the jar : activemq-protobuf-1.1.jar we are using the version 1.1 of Apache ActiveMQ.
In fact we are using ActiveMQ apache-activemq-5.16.2-bin and are updating the library regularily.
Software Fixes
N/A
What you need to do
N/A
Mitigation
N/A
Support
If you have questions or concerns regarding this advisory, check support (at) paradine,at and add BASE-1045 to your issue description.