CVE-2022-42889 update


Go to solution Solved by Marcos,

Hi,

 

Our vulnerability management tool is detecting CVE-2022-42889 on our ESET Protect On-Prem server.

 

We have tried to track this down and believe it is ESET using the affected version.

 

I understand from this topic that it was to be resolved last year; however, we're still getting alerts with the below versions.


Versions installed:

  • ESET Protect Server 11.0.14.0
  • MySQL 8.1
  • Apache Tomcat 9.0.86
  • Amazon Corretto 21
  • MySQL ODBC Driver 8.1.0
  • MySQL Workbench 8.0.36

 

Could you please confirm how we can address this CVE?

 

Thank you.


  • Administrators
  • Solution

ESET is not using the affected Apache Commons Text library. Nevertheless, it was replaced with a fixed version in ESET PROTECT v10.1.2.0+ that was released about a year ago.


1 hour ago, Marcos said:

Nevertheless, it was replaced with a fixed version in ESET PROTECT v10.1.2.0+ that was released about a year ago.

Which Apache Commons Text library version is it using? Versions 1.5 through 1.9 are affected by the vulnerability.

Ref.: https://nvd.nist.gov/vuln/detail/cve-2022-42889#range-12723166


  • Administrators

ESET doesn't use any version of it. However, it's included in VA. As of ESET PROTECT v10.1.2, there is a newer version with a fix included (>1.9). Can't tell off the top of my head if it was 1.10 and now it's the latest 1.12, but surely it's a fixed one even if VA doesn't use it at all.


commons-text-1.10 is deployed with ESET Protect Server 11.0.14.0. We had this detection because of a rogue backup file within the recycle bin! Thank you for the responses.

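The closing post traces the alert to a stray backup copy rather than the deployed commons-text-1.10. As an added example (not part of the thread and not ESET's tooling), the script below lists every commons-text jar under a directory, including copies nested inside archives, and flags the 1.5 through 1.9 range quoted above. It is an assumption of this sketch that jars keep their standard `commons-text-<version>.jar` file name; a renamed jar would be missed.

```python
import io, re, sys, zipfile
from pathlib import Path

# Affected range as quoted in the thread (NVD entry): 1.5 through 1.9.
AFFECTED_MIN, AFFECTED_MAX = (1, 5), (1, 9)
JAR_RE = re.compile(r"commons-text-(\d+)\.(\d+)(?:\.\d+)?\.jar$", re.IGNORECASE)
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")  # containers worth opening

def classify(name):
    """Return (version, affected) for a commons-text jar name, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    ver = (int(m.group(1)), int(m.group(2)))
    return ver, AFFECTED_MIN <= ver <= AFFECTED_MAX

def scan_archive(src, label, depth=0, max_depth=3):
    """Yield (location, version, affected) for jars nested inside an archive."""
    try:
        with zipfile.ZipFile(src) as zf:
            for info in zf.infolist():
                inner = f"{label}!/{info.filename}"
                hit = classify(info.filename)
                if hit:
                    yield (inner, *hit)
                elif depth < max_depth and info.filename.lower().endswith(ARCHIVE_EXT):
                    nested = io.BytesIO(zf.read(info))
                    yield from scan_archive(nested, inner, depth + 1, max_depth)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        return  # unreadable, corrupt or encrypted archive: skip it

def scan_tree(root):
    """Walk root and return every commons-text copy found, on disk or nested."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        hit = classify(path.name)
        if hit:
            findings.append((str(path), *hit))
        elif path.suffix.lower() in ARCHIVE_EXT:
            findings.extend(scan_archive(path, str(path)))
    return findings

if __name__ == "__main__":
    # Usage: python find_commons_text.py <directory>; defaults to the current one.
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("AFFECTED" if bad else "ok      ", ".".join(map(str, ver)), loc)
```

Comparing the reported locations with the path in the vulnerability scanner's finding shows whether the alert points at the deployed library or at a leftover copy such as a backup.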
