commvault.com commvault.com
Solved

Vulnerability scanner (Qualys) is showing .ASP.NET as critical vulnerabilities

  • 15 October 2021
  • 3 replies
  • 596 views
J
Rank
Badge +2

I’m in a similar situation as kszaf.  Running FR 11.24 and have 5 .NET CORE and ASP .NET CORE installs of version 2.1.xx.  Our vulnerability scanner (Qualys) is showing them as critical vulnerabilities, so I went ahead and uninstalled them since it sounds like 11.24 should support 3.1.x. 

Rebooted and couldn’t access the Web Console.  Installed the .NET 2.1.30 Hosting Bundle and the Web Console works again.  I’ll probably put in a support ticket on Monday to see about how to remove those older versions properly.  The screenshot shows the ones I tried removing.

 

 

icon

Best answer by JustSomeGuy 20 October 2021, 17:04

View original

3 replies

J
Rank
Badge +2

Ha.  Thanks @Mike Struening!  I’ll send you the case number through a private message so you can look at the details.  I worked with support on it yesterday and they were able to resolve the issue.  There ended up being a combination of things done in the end, so it’s hard to say if we can pinpoint the exact resolution.  

All .NET / ASP were uninstalled and then reinstalled just 3.1.20 (I believe the hosting bundle).  After that the environment variable path was modified so that the x64 version was above the x86 version. 

 

Everything seems to be working now and the vulnerability scanner is much happier with us!

Here’s a screenshot of the .NET versions installed on the commserve now:

 

Mike Struening RETIRED
Rank
Userlevel 7
Badge +23

Hi and welcome @JustSomeGuy (awesome name, btw)!

When you create that case, can you share the incident number with me for tracking?

Thanks!

https://www.linkedin.com/in/michael-struening
Mike Struening RETIRED
Rank
Userlevel 7
Badge +23

Glad to hear it!!!!

https://www.linkedin.com/in/michael-struening

Reply


Terms & ConditionsCookie settings