App Control Server Not Affected by PHP Vulnerability CVE-2024-4577

Article ID: 369952

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

A vulnerability scan reports that the App Control Server contains a PHP version associated with CVE-2024-4577.

Environment

  • App Control Server: 8.10.4 and lower
  • Microsoft Windows: All Supported Versions
  • PHP: versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8

Cause

App Control Server contains a PHP version associated with CVE-2024-4577.

Resolution

  • App Control Server does not use Apache, and thus is not exposed to this vulnerability.
  • Upgrading to Server version 8.11.0 or later updates PHP to version 8.3.14, which satisfies vulnerability scanners.

Additional Information

  • Libraries (such as PHP) are updated with each Server release.
  • Subscribe to Product Update Notifications to be alerted when a new Server Release is available.
  • Do not attempt to update the PHP Library or make any modifications to the PHP Library used by App Control. Doing so will cause issues accessing the Console.