Skip to main content

BASE-1340: Critical Vulnerability CVE-2016-1906 hazelcast-kubernetes - Critical - False Positive

Overview

Some eptos products utilizes a third-party hazelcast-kubernetes.

Security Scanners report CVE-2016-1906 in Base Module 6.1* and Email Collector 6.1.* as security issue.

Summary

Security Scanners report CVE-2016-1906 in Base Module 6.1* and Email Collector 6.1.*

Advisory Release Date

15.10.2021

Products

eptos Base Module (All Components)

eptos Email Collector

Affected Releases

eptos 6.1.*

Fixed Releases

N/A false positive

CVE ID

CVE-2015-7561

CVE-2016-1905

CVE-2016-1906

CVE-2016-7075

Issue ID

BASE-1340

Further information

Summary of Vulnerability

Some securtity scanners like anchor and grype report CVE-2016-1906 as critical.

The report is false positve - since the security scanners assume from the name of the jar which version is used..

In fact we are using hazelcast-kubernetes-2.2.2 which is not vulnerable for CVE-2016-3088

Software Fixes

N/A

What you need to do

N/A

Mitigation

N/A

Support

If you have questions or concerns regarding this advisory, check support (at) paradine,at and add BASE-1340 to your issue description.



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close