Skip to main content

BASE-1911: Critical CVE-2023-46604 activemq-protobuf 1.1 - False Positive

Overview

Some eptos products utilizes a third-party library tomEE which itself uses the library ActiveMQ as part of its core services.

Security Scanners report CVE-2023-46604 in Base Module and Email Collector as security issue for the tomeEE version in place.

Summary

Security Scanners report CVE-2016-3088 in Base Module 6.1* and Email Collector 6.1.*

Advisory Release Date

10.05.2022

Products

eptos Base Module (All Components)

eptos Email Collector

Affected Releases

eptos 6.1.*

Fixed Releases

N/A false positive

CVE ID

CVE-2023-46604

Issue ID

BASE-1911

Further information

Summary of Vulnerability

Some securtity scanners like anchor and grype report CVE-2023-46604 as critical.

The report is false positve - since the security scanners assume from the name of the jar : activemq-protobuf-1.1.jar we are using the version 1.1 of Apache ActiveMQ.

In fact we are using ActiveMQ apache-activemq-5.16.2-bin and are updating the library regularily.

Software Fixes

N/A

What you need to do

N/A

Mitigation

N/A

Support

If you have questions or concerns regarding this advisory, check support (at) paradine,at and add BASE-1911 to your issue description.



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close