
BASE-1340: Critical Vulnerability CVE-2016-1906 hazelcast-kubernetes - Critical - False Positive

Overview

Some eptos products use the third-party hazelcast-kubernetes library.

Security scanners report CVE-2016-1906 in Base Module 6.1* and Email Collector 6.1.* as a security issue.

Summary

Security Scanners report CVE-2016-1906 in Base Module 6.1* and Email Collector 6.1.*

Advisory Release Date

15.10.2021

Products

eptos Base Module (All Components)

eptos Email Collector

Affected Releases

eptos 6.1.*

Fixed Releases

N/A false positive

CVE ID

CVE-2015-7561

CVE-2016-1905

CVE-2016-1906

CVE-2016-7075

Issue ID

BASE-1340

Further information


Summary of Vulnerability

Some security scanners, such as Anchore and Grype, report CVE-2016-1906 as critical.

The report is a false positive, since the security scanners infer the version in use from the name of the jar.

In fact, we are using hazelcast-kubernetes-2.2.2, which is not vulnerable to CVE-2016-3088.
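
One way to confirm which version is actually bundled, instead of relying on the jar's file name, is to read the Maven coordinates embedded in the archive. This is an added example, not eptos code: the sample archive, its WEB-INF/lib path and the function names are constructed for illustration, and it assumes the jar was built with Maven and still contains its pom.properties.

```python
import io
import zipfile

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")

def parse_properties(text):
    """Parse the simple key=value lines Maven writes to pom.properties."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def embedded_coordinates(archive_bytes, path=""):
    """Yield (containing archive, groupId, artifactId, version) for every
    Maven descriptor found, descending into nested jars."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as archive:
        for name in archive.namelist():
            location = f"{path}!/{name}" if path else name
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                p = parse_properties(archive.read(name).decode("utf-8", "replace"))
                yield (path or "<root>", p.get("groupId"), p.get("artifactId"), p.get("version"))
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                try:
                    yield from embedded_coordinates(archive.read(name), location)
                except zipfile.BadZipFile:
                    continue  # entry has an archive suffix but is not a zip; skip it

def find_versions(archive_bytes, artifact_id):
    """Return the sorted set of embedded versions for one artifactId."""
    return sorted({v for _, _, a, v in embedded_coordinates(archive_bytes)
                   if a == artifact_id and v})

def build_sample():
    """Constructed sample: an application archive bundling one library jar."""
    lib = io.BytesIO()
    with zipfile.ZipFile(lib, "w") as z:
        z.writestr("META-INF/maven/com.hazelcast/hazelcast-kubernetes/pom.properties",
                   "#Generated by Maven\ngroupId=com.hazelcast\n"
                   "artifactId=hazelcast-kubernetes\nversion=2.2.2\n")
    app = io.BytesIO()
    with zipfile.ZipFile(app, "w") as z:
        z.writestr("WEB-INF/lib/hazelcast-kubernetes-2.2.2.jar", lib.getvalue())
    return app.getvalue()

if __name__ == "__main__":
    for row in embedded_coordinates(build_sample()):
        print(row)
```

The resulting group, artifact and version triple can be attached to the scanner's suppression entry as evidence for the false-positive classification.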

Software Fixes

N/A

What you need to do

N/A

Mitigation

N/A

Support

If you have questions or concerns regarding this advisory, contact support (at) paradine.at and add BASE-1340 to your issue description.