CVE-2004-0230 and CVE-2019-16905 in Security Analytics

Article ID: 236650


Products

Security Analytics, Security Analytics - VA

Issue/Introduction

A recent Qualys scan is showing the two CVE findings listed below in Security Analytics appliances.

CVE-2004-0230 - TCP Sequence Number Approximation Based Denial of Service
CVE-2019-16905 - OpenSSH Integer Overflow Vulnerability

Environment

Release: 8.2.x

Resolution

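Security Analytics 8.2.x releases are not vulnerable to CVE-2019-16905. SA 8.2.x uses OpenSSH 8.0 (openssh-8.0p1-4.atpsa1.x86_64), a version in the affected range, but the vulnerability applies only when OpenSSH is compiled with the experimental XMSS key type, and XMSS is not enabled in the Security Analytics OpenSSH build.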

CVE-2004-0230 is not fixed in Linux because it is not viewed as a problem. Red Hat's explanation is found at
https://access.redhat.com/security/cve/cve-2004-0230.

These are both false positives and can be ignored.
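
The CVE-2019-16905 reasoning above can be checked on a host by combining the OpenSSH version with the key types the build supports. The script below is an added example, not part of the original article or of the product. The function names and the sample banner and key lists are constructed, and it assumes the ssh client and sshd come from the same OpenSSH build.

```shell
#!/bin/sh
# Added example: triage a CVE-2019-16905 scanner finding.
# Affected range: OpenSSH 7.7 through 7.9 and 8.x before 8.1,
# and only when built with the experimental XMSS key type.

# Return 0 if the version banner (as printed by `ssh -V`) is in range.
version_in_range() {
    case "$1" in
        *OpenSSH_7.[7-9]*|*OpenSSH_8.0*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the key-type list (as printed by `ssh -Q key`) includes XMSS.
xmss_enabled() {
    printf '%s\n' "$1" | grep -qi 'xmss'
}

# Print a verdict from a version banner and a key-type list.
triage() {
    if ! version_in_range "$1"; then
        echo "not-affected: version outside range"
    elif xmss_enabled "$2"; then
        echo "affected: XMSS key type compiled in"
    else
        echo "false-positive: XMSS not compiled in"
    fi
}

# Constructed sample: an 8.0 banner with a key list that has no XMSS entry.
sample_banner='OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS'
sample_keys='ssh-ed25519
ssh-rsa
ecdsa-sha2-nistp256'
echo "sample: $(triage "$sample_banner" "$sample_keys")"

# Check the local host when an ssh client is installed.
if command -v ssh >/dev/null 2>&1; then
    banner=$(ssh -V 2>&1 || true)      # the banner is written to stderr
    keys=$(ssh -Q key 2>/dev/null || true)
    echo "local:  $(triage "$banner" "$keys")"
fi
```

A "false-positive" verdict on the local host matches the article's conclusion for that finding; an "affected" verdict means the build lists an XMSS key type and the scanner result should not be dismissed.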