Skip to main content
commvault.com commvault.com
Solved

Vulnerability scanner (Qualys) is showing .ASP.NET as critical vulnerabilities

  • October 15, 2021
  • 3 replies
  • 751 views
J
Bit
Forum|alt.badge.img+2

I’m in a similar situation as kszaf.  Running FR 11.24 and have 5 .NET CORE and ASP .NET CORE installs of version 2.1.xx.  Our vulnerability scanner (Qualys) is showing them as critical vulnerabilities, so I went ahead and uninstalled them since it sounds like 11.24 should support 3.1.x. 

Rebooted and couldn’t access the Web Console.  Installed the .NET 2.1.30 Hosting Bundle and the Web Console works again.  I’ll probably put in a support ticket on Monday to see about how to remove those older versions properly.  The screenshot shows the ones I tried removing.

 

 

Best answer by JustSomeGuy

Ha.  Thanks @Mike Struening!  I’ll send you the case number through a private message so you can look at the details.  I worked with support on it yesterday and they were able to resolve the issue.  There ended up being a combination of things done in the end, so it’s hard to say if we can pinpoint the exact resolution.  

All .NET / ASP were uninstalled and then reinstalled just 3.1.20 (I believe the hosting bundle).  After that the environment variable path was modified so that the x64 version was above the x86 version. 

 

Everything seems to be working now and the vulnerability scanner is much happier with us!

Here’s a screenshot of the .NET versions installed on the commserve now:

 

View original
Did this answer your question?

3 replies

Mike Struening
Vaulter
Forum|alt.badge.img+23

Hi and welcome @JustSomeGuy (awesome name, btw)!

When you create that case, can you share the incident number with me for tracking?

Thanks!

https://www.linkedin.com/in/michael-struening
J
Bit
Forum|alt.badge.img+2
  • JustSomeGuy
  • Author
  • Bit
  • 2 replies
  • Answer
  • October 20, 2021

Ha.  Thanks @Mike Struening!  I’ll send you the case number through a private message so you can look at the details.  I worked with support on it yesterday and they were able to resolve the issue.  There ended up being a combination of things done in the end, so it’s hard to say if we can pinpoint the exact resolution.  

All .NET / ASP were uninstalled and then reinstalled just 3.1.20 (I believe the hosting bundle).  After that the environment variable path was modified so that the x64 version was above the x86 version. 

 

Everything seems to be working now and the vulnerability scanner is much happier with us!

Here’s a screenshot of the .NET versions installed on the commserve now:

 

MichaelCapon
1 person likes this
  • MichaelCapon
    MichaelCapon
Mike Struening
Vaulter
Forum|alt.badge.img+23

Glad to hear it!!!!

https://www.linkedin.com/in/michael-struening

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings