We  are of understanding that starting from NFA 23.3.13 is supporting 64 bit MySQL ODBC connector, after we installed NFA 23.3.13, NFA console server was installed with 64 bit MySQL ODBC connector 8.4.0 in the following folder:  C:\Program File\MySQL\Connector ODBC 8.4\

In the recent security scan finding it was detected that there is a 32 bit MySQL ODBC connector version 8.0.37 under the following path:

C:\Program File(x86)\MySQL\Connector ODBC 8.0\

We would like to check if the 32 bit MySQL ODBC connector can be uninstalled from NFA console server.

DX NetOps Network flow Analysis 23.3.13

• NFA 23.3.13 release is using both the 8.0.37 (32-bit) and 8.4 (64-bit) MySQL connectors.

• According to MySQL Connector/ODBC Downloads:

  • 8.0.37 is the latest 32-bit connector.
  • 9.0 is the latest 64-bit connector.
  • Both versions provide the same level of security updates.

• However, scanners generally do not check for version branches and only look at the version numbers. As a result, while 8.0.37 should have the same vulnerabilities fixed as other versions, it may still flag differently due to this oversight.

• From the NFA 23.3.12+ perspective, the proxy service application within IIS is still 32-bit.

  • DefaultAppPool: 64-bit
  • ReporterAnalyzerWebSite: 64-bit
  • ProxyServices: 32-bit

Reference: Broadcom Article #376820

Both connectors are required for NFA to function properly. The ETA for a future release where all NFA components will support 64-bit is still unknown at this point of time.