Oracle MySQL Vulnerability - not sufficient information provided

On one of our computers we have over 80 OracleMySQL Vulnerabilities with this as a proof:

Running MySQL service
Product MySQL exists – Oracle MySQL 5.7.28
Vulnerable version of product MySQL found – Oracle MySQL 5.7.28

The thing is, this version was already updated, all registries cleaned, and even Windows upgraded from 10 to 11, but still Insight Agent is reporting MySQL 5.7.28. It would be extremely helpful if it provided any information about how or what this scanner detected so we could clean it and fix it. But this is not the case. And even though the machine is running MySQL 8, the report is still showing 5.7.28

Has anyone had a similar experience?

Any advice on how to find what the agent is actually detecting?

1 Like

on the proof is it providing path data? Hive Entry? anything ?

That is the problem: there is nothing.

We have over 90 Oracle vulnerabilities that show no information and we claim that the machine has MySQL 5.7.28 even though we are positive the machine does not have MySQL 5.7.28; we have a whole file system, registry … everything.

Unfortunately, rapid7 does not provide useful information in the proof.

We checked the agent logs, and also, there is no MySQL nor 5.7.28 text in the whole file.