Advertisement
I ran a GVM (openvas) vulnerability scan against my network. Sadly many CVEs were returned all stemming from Spiceworks. Is there a fix for all of these issues?
\nOpenSSL End of Life Detection Windows Severity:10.0 port 4343
\nOpenSSL End of Life Detection Windows Severity:10.0 port 8059
\nApache Http Sever 2.4.20 - 2.4.39 multiple vulnerabilities Severity:7.8 port 4343
\nApache Http Sever 2.4.20 - 2.4.39 multiple vulnerabilities Severity:7.8 port 8059
\nApache Http Server multiple vulnerabilities Apr18 Severity 6.8 port 4343 and 8059
\nApache http Server memory access vulnerability Severity:6.4 port 8059 and 4343<\/p>\n
There are several more apache vulnerabilities listed that are under 6.4 vulnerability but there are quite a few. I understand this is a free software but I can’t run this on my network with all of these problems. Does anyone know how to upgrade apache and openssl without breaking Spiceworks?<\/p>","upvoteCount":7,"answerCount":5,"datePublished":"2021-06-10T19:18:13.000Z","author":{"@type":"Person","name":"spiceuser-9ztnj","url":"https://community.spiceworks.com/u/spiceuser-9ztnj"},"suggestedAnswer":[{"@type":"Answer","text":"
I ran a GVM (openvas) vulnerability scan against my network. Sadly many CVEs were returned all stemming from Spiceworks. Is there a fix for all of these issues?
\nOpenSSL End of Life Detection Windows Severity:10.0 port 4343
\nOpenSSL End of Life Detection Windows Severity:10.0 port 8059
\nApache Http Sever 2.4.20 - 2.4.39 multiple vulnerabilities Severity:7.8 port 4343
\nApache Http Sever 2.4.20 - 2.4.39 multiple vulnerabilities Severity:7.8 port 8059
\nApache Http Server multiple vulnerabilities Apr18 Severity 6.8 port 4343 and 8059
\nApache http Server memory access vulnerability Severity:6.4 port 8059 and 4343<\/p>\n
There are several more apache vulnerabilities listed that are under 6.4 vulnerability but there are quite a few. I understand this is a free software but I can’t run this on my network with all of these problems. Does anyone know how to upgrade apache and openssl without breaking Spiceworks?<\/p>","upvoteCount":7,"datePublished":"2021-06-10T19:18:13.000Z","url":"https://community.spiceworks.com/t/current-security-vulnerabilities-in-spcieworks/802438/1","author":{"@type":"Person","name":"spiceuser-9ztnj","url":"https://community.spiceworks.com/u/spiceuser-9ztnj"}},{"@type":"Answer","text":"
I will wager that the overwhelming answer will be to move to their cloud product.<\/p>","upvoteCount":1,"datePublished":"2021-06-10T19:47:07.000Z","url":"https://community.spiceworks.com/t/current-security-vulnerabilities-in-spcieworks/802438/2","author":{"@type":"Person","name":"milerky2","url":"https://community.spiceworks.com/u/milerky2"}},{"@type":"Answer","text":"
Spiceworks is no longer maintaining their Windows product. They have a cloud option and an Vmware appliance option, which they are maintaining.<\/p>\n
Best option if you don’t want to change is simply ensure your Spiceworks server is doing nothing else and is protected from the general internet.<\/p>","upvoteCount":0,"datePublished":"2021-06-10T19:56:56.000Z","url":"https://community.spiceworks.com/t/current-security-vulnerabilities-in-spcieworks/802438/3","author":{"@type":"Person","name":"Mike400","url":"https://community.spiceworks.com/u/Mike400"}},{"@type":"Answer","text":"
Welcome to Spiceworks and its community.<\/p>\n