Environment
- Carbon Black Cloud Console: All Versions
- Workload
Symptoms
The Vulnerabilities tab in our console shows moderate vulnerability with CVE-2019-10086 for an irrelevant application called "Pycairo" while the actual (CVE-2019-10086) is meant for Apache Commons NetBeans.
https://nvd.nist.gov/vuln/detail/CVE-2019-10086
Cause
The NVD site has not updated the vulnerability details that do exist for the Pycairo application with regards to the mentioned CVE.
Resolution
- The Mentioned CVE does exist for Pycairo, This can be Checked on the Below RedHat Advisory. Red Hat Security Advisory 2020-1454-01 ≈ Packet Storm
- For fixing this moderate vulnerability(CVE-2019-10086) we should have to update the Pycairo application to the (1.20.1) latest version.
Related Content