Overview
Some eptos products utilizes a third-party library tomEE which itself uses the library ActiveMQ as part of its core services.
Security Scanners report CVE-2023-46604 in Base Module and Email Collector as security issue for the tomeEE version in place.
|
Summary |
Security Scanners report CVE-2016-3088 in Base Module 6.1* and Email Collector 6.1.* |
|---|---|
|
Advisory Release Date |
10.05.2022 |
|
Products |
eptos Base Module (All Components) eptos Email Collector |
|
Affected Releases |
eptos 6.1.* |
|
Fixed Releases |
N/A false positive |
|
CVE ID |
CVE-2023-46604 |
|
Issue ID |
BASE-1911 |
|
Further information |
|
Summary of Vulnerability
Some securtity scanners like anchor and grype report CVE-2023-46604 as critical.
The report is false positve - since the security scanners assume from the name of the jar : activemq-protobuf-1.1.jar we are using the version 1.1 of Apache ActiveMQ.
In fact we are using ActiveMQ apache-activemq-5.16.2-bin and are updating the library regularily.
Software Fixes
N/A
What you need to do
N/A
Mitigation
N/A
Support
If you have questions or concerns regarding this advisory, check support (at) paradine,at and add BASE-1911 to your issue description.