Is Endpoint Protection Manager impacted by CVE-2023-31122, CVE-2023-43622, and CVE-2023-45802
search cancel

Is Endpoint Protection Manager impacted by CVE-2023-31122, CVE-2023-43622, and CVE-2023-45802

book

Article ID: 275336

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Protection

Issue/Introduction

The vulnerability scanner has detected the following vulnerabilities for Apache version 2.4.55.768 installed on Symantec Endpoint Protection Manager (SEPM) server.

CVE-2023-31122
CVE-2023-43622
CVE-2023-45802

Plugin Output: 

Path              : C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe
Installed version: 2.4.55.768
Fixed version: 2.4.58

Resolution

Nessus does not know whether a module in Apache is loaded, therefore it assumes a product is vulnerable if the version matches.

CVE-2023-31122: Not vulnerable. mod_macro is not deployed by SEPM
CVE-2023-43622: Not vulnerable. HTTP 2 is not configured for SEPM Apache
CVE-2023-45802: Not vulnerable. HTTP 2 is not configured for SEPM Apache