Overview
Some eptos products utilizes a third-party hazelcast-kubernetes.
Security Scanners report CVE-2016-1906 in Base Module 6.1* and Email Collector 6.1.* as security issue.
|
Summary |
Security Scanners report CVE-2016-1906 in Base Module 6.1* and Email Collector 6.1.* |
|---|---|
|
Advisory Release Date |
15.10.2021 |
|
Products |
eptos Base Module (All Components) eptos Email Collector |
|
Affected Releases |
eptos 6.1.* |
|
Fixed Releases |
N/A false positive |
|
CVE ID |
CVE-2015-7561 CVE-2016-1905 CVE-2016-1906 CVE-2016-7075 |
|
Issue ID |
BASE-1340 |
|
Further information |
|
Summary of Vulnerability
Some securtity scanners like anchor and grype report CVE-2016-1906 as critical.
The report is false positve - since the security scanners assume from the name of the jar which version is used..
In fact we are using hazelcast-kubernetes-2.2.2 which is not vulnerable for CVE-2016-3088
Software Fixes
N/A
What you need to do
N/A
Mitigation
N/A
Support
If you have questions or concerns regarding this advisory, check support (at) paradine,at and add BASE-1340 to your issue description.