Skyline

 View Only
  • 1.  Skyline False Positive - Finding 201914 and 201819

    Posted Nov 14, 2023 09:19 PM
      |   view attached

    We are receiving these two upgrade recommendations for our environment.

    201914 reads:

    Recommendations

    • This vunerability is mitigated in Horizon client version 5.2.0.

    Helpful Links

     https://www.vmware.com/security/advisories/VMSA-2019-0014.html

    201819 reads:

    Recommendations

    • This vulnerability is mitigated in Horizon Connection Server 7.5.1

    Helpful Links

     
    But we are clearly on 8.8.0.21073894 (see attached image)
     
    How can this be cleared without me muting the finding?


  • 2.  RE: Skyline False Positive - Finding 201914 and 201819

    Posted Jan 02, 2024 11:09 PM

    It is possible that your current version has already fixed the vulnerabilities that the recommended versions address. If so, the upgrade recommendations might be erroneous or outdated, or they might not recognize your current version as secure.

    To resolve this without ignoring the finding, you could:

    - Verify the Vulnerabilities: Check the advisories (VMSA-2019-0014 and VMSA-2018-0019) to see if the vulnerabilities they mention are fixed in your current version (8.8.0.21073894). You can do this by following the advisory links and comparing them with the release notes or security advisories for your current version.
    - Contact Support: If your current version has fixed the vulnerabilities, report this issue to VMware support. They might need to update their vulnerability detection mechanism to recognize your current version as secure.
    - Update the Detection Mechanism: If you can control the vulnerability detection mechanism, you might need to update it to recognize your current version as secure.



  • 3.  RE: Skyline False Positive - Finding 201914 and 201819

    Posted Jan 12, 2024 09:19 AM

    Hey,

    Got this notice about upgrading for vulnerabilities 201914 and 201819. The suggestions say we need Horizon client 5.2.0 and Horizon Connection Server 7.5.1, but we're already on version 8.8.0.21073894 

    Trying to figure out how to clear this without just muting it. Thinking of reaching out to VMware support, giving them the lowdown on our current version, and getting the scoop on whether these vulnerabilities still apply. Wanna make sure we've got the right info and that the Skyline tool didn't miss something.

    Any thoughts?