Insecure Deployment: Unpatched Application
Our WebInspect scan returns a High vulnerability, Insecure Deployment: Unpatched Application, vulnerability ID 11627. The vulnerability description is all about Spring Boot, but our web site does not use it. It is written in ASP.NET. Can anybody help me fix this issue?
How this vulnerability affects you.
How to remediate the issue.
If you are using Spring Boot version 1.4 or earlier, upgrade to at least Spring Boot version 1.5.
Be sure to secure all actuator endpoints that can reveal sensitive information by granting access only to users with a dedicated role to prevent accidental exposure of endpoints to users with other roles.
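For sites that do run Spring Boot, the role restriction described in the remediation text above can be expressed in a Spring Boot 1.5.x `application.properties` as below. This is an added example, not part of the original post or of the scanner's output; the role name `ACTUATOR_ADMIN`, the port and the choice of disabled endpoints are assumptions.

```properties
# Spring Boot 1.5.x application.properties (constructed example)

# --- Weak settings the finding is concerned with (shown commented out) ---
# Disables the role check, so sensitive endpoints answer any caller:
# management.security.enabled=false
# Marks a single endpoint as non-sensitive, so it skips the role check:
# endpoints.env.sensitive=false

# --- Hardened settings ---
# Keep the actuator role check switched on (this is the 1.5 default).
management.security.enabled=true

# Only users holding this dedicated role may call sensitive endpoints.
# ACTUATOR_ADMIN is an assumed name; the 1.5 default role is ACTUATOR.
# Do not grant this role to ordinary application users.
management.security.roles=ACTUATOR_ADMIN

# Make sure endpoints that expose configuration stay marked as sensitive.
endpoints.env.sensitive=true
endpoints.configprops.sensitive=true

# Disable endpoints that are not needed at all (assumed choice).
endpoints.shutdown.enabled=false
endpoints.trace.enabled=false

# Optional: serve management endpoints on a separate port bound to
# loopback, so they are not reachable from the public listener.
# The port number is an assumption.
management.port=8081
management.address=127.0.0.1
```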
Short of marking it as a false positive and moving on, in order for us to make a more educated analysis we would need an export of the scan with traffic. As this is the case, opening a ticket with support would be in order to collect the information for further analysis.