In the Prisma i can see vulnerabilities pointing on files that are not there anymore

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

In the Prisma i can see vulnerabilities pointing on files that are not there anymore

L1 Bithead
Hello everyone,
 
In the Prisma compliance check, I see some vulnerabilities that seem outdated.
For example, Prisma reports a vulnerable file that does not exist and, most likely, it's not there for a while.

Is it a bug, or I'm missing something?

 

-Andrey



Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.



Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.



Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.
5 REPLIES 5

L2 Linker

Hi Andrey,

 

 I hope you are doing well. I went through the screenshots you attached. Can you look for the "org.codehaus.plex
us dexus-unis" package in the package info tab and let me know what are you seeing?

 

Regards,

Muhammad Wahaaj Siddiqui | Sr. Technical Support Engineer - Prisma Cloud Compute | PCCSE, CKA, CKS, AWS SysOps, AWS DevOps Professional

Hello Muhammad,

 

Thanks a lot for your reply!

 

I can't find the dexus-unis in the packages list. I took screenshots of "org.codehaus.plexus".

It has 9 available components.

 

-Andrey

Hi Andrey,

 

Thank you for providing the screenshots. According to it, you are currently using version 1.5.15 of "org.codehaus.plexus_plexus-utils". Since the type of this vulnerability is "jar", you will not be able to locate it on the host. You need to update the pom.xml file for the Plexus package to update it. You have to use at least the 3.0.16 version to avoid this vulnerability and remove the old versions. I hope this answers your question.

 

Regards,

Muhammad Wahaaj Siddiqui | Sr. Technical Support Engineer - Prisma Cloud Compute | PCCSE, CKA, CKS, AWS SysOps, AWS DevOps Professional

Thanks, Muhammad!

 

I will take note of the problem with pom.xml.

I found the problem source. That was a system with a duplicate name in the defender.config

 

Regards,

Andrey

 

L2 Linker

Hi Andrey,

 

Good to know that you were able to find the source of the problem. Let me know if you have any other questions.

 

Regards,

Muhammad Wahaaj Siddiqui | Sr. Technical Support Engineer - Prisma Cloud Compute | PCCSE, CKA, CKS, AWS SysOps, AWS DevOps Professional
  • 4160 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!