MariaDB is not MySQL

For compatibility MariaDB has a version prefix “5.5.5-”.

Just google it: https://www.google.com/search?q=mariadb+"5.5.5"+version

This is unfortunate, because InsightVM “thinks” it sees a MySQL-Server so it reports a ton of vulnerabilities for that.

What is the right way to deal with that? I could exclude all findings, but that would be a never-ending story for every new MySQL vulnerability.

Kind regards

Kaspar

I reached out to the support. They were really fast and confirmed that the scanner incorrectly fingerprints MariaDB as MySQL causing False Positives.

It is now in the Engineering Backlog.
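As an added illustration (not part of the original posts, and not InsightVM's own fingerprinting logic), the sketch below reads the version string from a MySQL-protocol v10 initial handshake and strips the "5.5.5-" compatibility prefix only when the banner also names MariaDB. The function names, the "MariaDB" substring test and the sample banners are assumptions constructed for this example.

```python
import re

COMPAT_PREFIX = "5.5.5-"  # prefix discussed in the thread


def server_version_from_handshake(packet: bytes) -> str:
    """Return the NUL-terminated version string of a protocol v10 handshake."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    length = int.from_bytes(packet[0:3], "little")  # 3-byte payload length
    payload = packet[4:4 + length]                  # byte 3 is the sequence id
    if len(payload) != length or not payload.startswith(b"\x0a"):
        raise ValueError("not a protocol v10 handshake")
    end = payload.find(b"\x00", 1)
    if end == -1:
        raise ValueError("unterminated version string")
    return payload[1:end].decode("ascii", "replace")


def classify(banner: str) -> tuple[str, str]:
    """Map a banner to (product, version) without mistaking MariaDB for MySQL."""
    is_mariadb = "mariadb" in banner.lower()  # assumption: MariaDB names itself
    text = banner
    # Strip the prefix only for MariaDB: a banner that merely starts with
    # 5.5.5 and carries no MariaDB marker is kept as a MySQL version.
    if is_mariadb and text.startswith(COMPAT_PREFIX):
        text = text[len(COMPAT_PREFIX):]
    match = re.match(r"\d+\.\d+\.\d+", text)
    if match is None:
        return ("unknown", banner)
    return ("MariaDB" if is_mariadb else "MySQL", match.group(0))


def sample_packet(version: str) -> bytes:
    """Build a constructed, truncated handshake carrying the given banner."""
    payload = b"\x0a" + version.encode("ascii") + b"\x00" + b"\x01\x00\x00\x00"
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real server.
    for banner in ("5.5.5-10.4.12-MariaDB-log", "8.0.36", "5.5.5-m3"):
        print(banner, "->", classify(server_version_from_handshake(sample_packet(banner))))
```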