ePolicy Orchestrator Sustaining Statement SSC1805161 - Nessus Plugin ID 42424 – CGI Generic SQL injection (Not Vulnerable)
Last Modified: 2023-07-21 09:32:12 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
ePolicy Orchestrator Sustaining Statement SSC1805161 - Nessus Plugin ID 42424 – CGI Generic SQL injection (Not Vulnerable)
Technical Articles ID:
KB90610
Last Modified: 2023-07-21 09:32:12 Etc/GMT Environment
ePolicy Orchestrator (ePO) 5.x
Summary
This document describes the support position of Sustaining Engineering relative to a Trellix application. Trellix response to Nessus Plugin ID 42424: Overview This document addresses concerns about ePO affected by Nessus Plugin ID 42424 – CGI Generic SQL injection (blind). Description Customers who run a Nessus Scan against ePO might receive a flag for Nessus Plugin ID 42424 - CGI Generic SQL Injection (blind): Nessus Plugin ID 42424: A CGI application hosted on the remote web server is potentially prone to SQL injection attack (CGI Generic SQL Injection (blind)).
Research and Conclusions The ePO Engineering team has researched these reports and concluded that ePO is not vulnerable to this issue because there's no successful SQL injection attack. This Nessus plugin is an experimental script, and is prone to false-positives. ePO doesn't host any CGI scripts or applications, so the report is a false-positive. Disclaimer Any future product release dates mentioned in this statement are intended to outline our general product direction, and shouldn't be relied on in making a purchasing decision:
Affected ProductsLanguages:This article is available in the following languages: |
|