Vulnerability Management

Vulnerability Management

Hi,

We working with ADSelfservice Plus
Our vulnerability Mangenent generate alerts of discoverd vulnerabilities
On the server hosted ADselfservice plus is found a uvlnerabilitie indentified as CVE-2022-42889

2 files located in the prograk folder of Manaeengine are infected with a Apache Commons Text vulnerability.

Yesterday I update de ADSelfsevice Plus software at the latsted release.
However the alert is not gone

The recommandation is to update "apache commons text" to at least version 1.10.0

I don;t find this application on the server so I think it's a part of the ADSelfsevice plus application.

The infected files are
This filelocation points to an old version location, can I can delete them without any problem?
c:\manageengine\adselfservice plus\patch\manageengine_adselfservice_plus-6.2.0-sp-9.9.0\server\lib\commons-text-1.6.jar

c:\manageengine\adselfservice plus\patch\manageengine_adselfservice_plus-6.2.0-sp-9.9.0\server\lib\commons-text-1.8.jar
The filelocation, of this files, points to an old version location, can I can delete them without any problem?


In the patch file location of the current version of ADSelfService PLus (6.405) doesnot contains any jar file.
Please advise me what to do



                New to ADSelfService Plus?