Have a specific template that was created only for log4j scanning, remote/authenticated scan.
Vulnerabilities selected from individual checks from searching for these CVEs (list provided from another thread):
Ran this recently for an application on a group of 36 servers.
Only one single finding on one server for = [Oracle WebLogic: CVE-2017-5645 : Critical Patch Update]
(I see this is part of my template and assume it was a result of one of the above cve searches…)
In my proof it says:
Vulnerable software installed: Oracle WebLogic 22.214.171.124.0 (D:\Oracle\Middleware\ExxxxxR1…)
But the path appears to be truncated. Is there a way to see the full path?
Also, I am told by the application team that 30 of the 36 servers are all running “Oracle WebLogic 126.96.36.199.0”, which is what this finding seems to be discovering, yet it is only found on 1 asset. Why not the other 29?
Assuming the check is only looking for the existence of specific files, and not ability to exploit the vuln, is this correct?
Thanks for any insight or something I am missing. I feel like I spend a lot of time in the console making sense of things and reviewing false positives, possibly because I'm learning as I go, but there also seem to be a lot of inconsistencies in results…