Re: CVE reporting discrepancies

2020-08-14 Thread Mark Thomas
On 14/08/2020 12:24, Nic P wrote: > Mark - per NIST this CVE is listed as impact to tomcat > https://nvd.nist.gov/vuln/detail/CVE-2016-5388 which is how we came to find > evidence for audit on the version where this was remediated. As per that description: ...this is not a CVE ID for a vulnerabili

Re: CVE reporting discrepancies

2020-08-14 Thread Nic P
Mark - per NIST this CVE is listed as impact to tomcat https://nvd.nist.gov/vuln/detail/CVE-2016-5388 which is how we came to find evidence for audit on the version where this was remediated. On Fri, Aug 14, 2020 at 4:15 AM Mark Thomas wrote: > On 13/08/2020 20:52, Nic P wrote: > > Hi > > > > Ca

Re: CVE reporting discrepancies

2020-08-14 Thread Mark Thomas
On 13/08/2020 20:52, Nic P wrote: > Hi > > Can anyone help me understand why some CVEs show in the changelog but not > on the security report? > > Example is CVE-2016-5388 which shows as fixed in 8.0.37 changelog but > missing on the security report. > > This has come up in an audit and hard to

Re: CVE reporting discrepancies

2020-08-13 Thread Christopher Schultz
Nic, On 8/13/20 15:52, Nic P wrote: > Hi > > Can anyone help me understand why some CVEs show in the changelog > but not on the security report? > > Example is CVE-2016-5388 which shows as fixed in 8.0.37 changelog > but missing on the security re

CVE reporting discrepancies

2020-08-13 Thread Nic P
Hi Can anyone help me understand why some CVEs show in the changelog but not on the security report? Example is CVE-2016-5388 which shows as fixed in 8.0.37 changelog but missing on the security report. This has come up in an audit and hard to explain which is the System of Record information f