Tenable scanner reports a vulnerable openssh version on Aria Operations for logs because the version is less than 9.

Aria Operations for Logs 8.18.5

The scanner shows the reference to CVEs CVE-2024-39894 and CVE-2024-6387 from Nessus Plugin ID 201194 and is detecting a version of openssh less than the recommended version of openssh for these two vulnerabilities.

VMware By Broadcom is aware of CVE-2024-39894.
Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE.
Should you require further information please contact Broadcom Support.

VMware By Broadcom is aware of CVE-2024-6387.
Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE.
Should you require further information please contact Broadcom Support.

Please see the following KBs for more information:

• Vulnerability scanner is reporting vulnerability with Openssh Package in Aria Operations for Logs
• False Positives for CVE-2024-6387, CVE-2024-39894 and CVE-2023-25136 in Security Scans on Aria Operations for Logs 8.18.4 or later