Overview
Some eptos products utilize the third-party library TomEE, which itself uses the library ActiveMQ as part of its core services.
Security scanners report CVE-2023-46604 in Base Module and Email Collector as a security issue for the TomEE version in place.
| Summary | Security Scanners report CVE-2016-3088 in Base Module 6.1* and Email Collector 6.1.* |
|---|---|
| Advisory Release Date | 10.05.2022 |
| Products | eptos Base Module (All Components), eptos Email Collector |
| Affected Releases | eptos 6.1.* |
| Fixed Releases | N/A false positive |
| CVE ID | CVE-2023-46604 |
| Issue ID | BASE-1911 |
| Further information | |
Summary of Vulnerability
Some security scanners, such as Anchore and Grype, report CVE-2023-46604 as critical.
The report is a false positive: from the name of the jar, activemq-protobuf-1.1.jar, the security scanners assume that we are using version 1.1 of Apache ActiveMQ.
In fact, we are using ActiveMQ apache-activemq-5.16.2-bin and update the library regularly.
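An added example (not eptos or scanner code) of the check described above: it contrasts the version a name-based matcher reads from `activemq-protobuf-1.1.jar` with the Maven coordinates embedded in the jar itself. The jars are constructed in memory; the groupIds and the file names `activemq-broker-5.16.2.jar` and `vendor-helper.jar` are assumptions for illustration, as is the presence of `META-INF/maven/.../pom.properties` in Maven-built jars.

```python
import io
import re
import zipfile

def version_from_filename(name):
    """What a name-based matcher sees: (artifact, version) taken from the file name."""
    m = re.fullmatch(r"(.+?)-(\d[\w.]*)\.jar", name)
    return (m.group(1), m.group(2)) if m else (None, None)

def embedded_coordinates(jar_bytes):
    """Maven coordinates recorded in META-INF/maven/<group>/<artifact>/pom.properties."""
    coords = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for entry in jar.namelist():
            if entry.startswith("META-INF/maven/") and entry.endswith("/pom.properties"):
                props = {}
                for line in jar.read(entry).decode("utf-8", "replace").splitlines():
                    key, sep, value = line.partition("=")
                    if sep and not key.startswith("#"):
                        props[key.strip()] = value.strip()
                coords.append((props.get("groupId"), props.get("artifactId"),
                               props.get("version")))
    return coords

def release_versions(inventory, group_id="org.apache.activemq"):
    """Versions of jars whose groupId is exactly group_id, plus jars with no metadata."""
    versions, unknown = set(), []
    for name, data in inventory.items():
        coords = embedded_coordinates(data)
        if not coords:
            unknown.append(name)  # report instead of guessing from the file name
        versions.update(v for g, _, v in coords if g == group_id and v)
    return versions, sorted(unknown)

def make_jar(group, artifact, version):
    """Build a constructed sample jar in memory (not a real ActiveMQ artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if group:
            jar.writestr(f"META-INF/maven/{group}/{artifact}/pom.properties",
                         f"groupId={group}\nartifactId={artifact}\nversion={version}\n")
    return buf.getvalue()

# Constructed inventory; only activemq-protobuf-1.1.jar is a name taken from the advisory.
SAMPLE = {
    "activemq-protobuf-1.1.jar": make_jar("org.apache.activemq.protobuf", "activemq-protobuf", "1.1"),
    "activemq-broker-5.16.2.jar": make_jar("org.apache.activemq", "activemq-broker", "5.16.2"),
    "vendor-helper.jar": make_jar(None, "vendor-helper", None),
}
print(version_from_filename("activemq-protobuf-1.1.jar"), release_versions(SAMPLE))
```

The versions returned by `release_versions` are the ones to compare against the affected range published for the CVE; jars listed as unknown need a manual check.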
Software Fixes
N/A
What you need to do
N/A
Mitigation
N/A
Support
If you have questions or concerns regarding this advisory, contact support (at) paradine.at and add BASE-1911 to your issue description.