Nessus scan results suggest Commander is vulnerable to CGI generic SQL injection

Title

Commander 9.6.2 upgrades the included Apache Tomcat webserver to version 9.0.84. The HTTP Response code was changed as a response to a Blind SQL Injection test. Some security scanning tools may identify this as a vulnerability, as described in Nessus/42424 .

Note that it has been investigated and tested, and does not pose a security risk, as SQL scripts cannot be injected and executed.

The response code may be updated in Commander 9.7.x but for now please consider these reports to be false positives.

Was this helpful?

Support Hub

Product

Snow Commander

Deployment type

Cloud;On-premises;Service Provider Edition (SPE)

Visibility

Guest

URL Name

Nessus-scan-results-suggest-Commander-is-vulnerable-to-CGI-generic-SQL-injection

Are you sure you want to cancel the case creation?

Case closed successfully

Action performed successfully

Upload Attachment

Maximum file size allowed is 3 MB.

File type not supported.

Supported file types:

Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to close this case

Get Hotline support

Products	Region	Phone Numbers
FlexNet Operations FlexNet Embedded FlexNet Publisher FlexNet Connect FlexNet Code Insight InstallAnywhere InstallShield	North America *	+1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America)
	Europe *	+44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe)
	Japan *	+81 3-4540-5335 (select option 2)
	Australia *	+61 3 9895 2177 +61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics) Compliance Intelligence	Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.

Related Articles

Please wait...

Case id: 00001065