Magento Security Scan Tool - false alarm?

I signed up for the Magento Security Scan tool. I thought it looked like a good idea to get warned if there are problems. I now get "critical issues found" results including:

- SUPEE-10415 has not been detected!

- SUPEE-9767 - Failed.

I checked both patches:

- SUPEE-10415 or upgrade to Magento Open Source 1.9.3.7.

- SUPEE-9767 or upgrade to Community Edition 1.9.3.3

Since I did upgrade to 1.9.3.7 some time ago (before using the scan tool), I thought these patches should be included. Is this a false alarm or does it indicate that the upgrade didn't work?

Lo.

7 REPLIES

Re: Magento Security Scan Tool - false alarm?

The only way to be 100% sure is to download the patch and see if the changes have already been applied. It's unlikely that you'll be able to download exactly the right patch version, so I would just download the patch, look at the lines it wants to change and see if your system has the correct lines in place.

----
If you've found one of my answers useful, please give "Kudos" or "Accept as Solution" as appropriate. Thanks!
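
The manual check described in the reply above, as an added example (not part of the original thread and not Magento's code): a Python script that reads the unified diff from a patch and reports, per file, whether the lines the patch adds are present in the installed tree. It assumes the diff's paths are relative to the Magento root; the function names and the sample diff are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

def added_lines(diff_text):
    """Map each '+++' path to the lines its hunks add, minus trivial ones (braces, blanks)."""
    out, cur, old, new = {}, None, 0, 0
    for line in diff_text.splitlines():
        if old > 0 or new > 0:                      # inside a hunk body
            if line.startswith("+"):
                new -= 1
                cur.append(line[1:].strip())
            elif line.startswith("-"):
                old -= 1
            elif not line.startswith("\\"):         # context line counts on both sides
                old, new = old - 1, new - 1
        elif line.startswith("+++ "):
            cur = out.setdefault(line[4:].split("\t")[0].strip(), [])
        elif cur is not None and (m := re.match(r"@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@", line)):
            old, new = int(m.group(1) or 1), int(m.group(2) or 1)
    return {path: [l for l in ls if len(l) > 3] for path, ls in out.items()}

def file_status(path, lines):
    """Return (status, added lines absent from path); a missing file counts as not applied."""
    body = path.read_text(errors="replace") if path.is_file() else ""
    have = {l.strip() for l in body.splitlines()}
    miss = [l for l in lines if l not in have]
    return ("applied" if not miss else "partial" if len(miss) < len(lines) else "not applied"), miss

def check_patch(diff_text, root):
    """Check every file named in the diff against the Magento tree under root."""
    return {rel: file_status(Path(root, rel), ls) for rel, ls in added_lines(diff_text).items()}

# Constructed sample, not taken from any SUPEE patch.
SAMPLE_DIFF = """\
--- app/code/core/Demo/Helper.php
+++ app/code/core/Demo/Helper.php
@@ -1,2 +1,3 @@
 <?php
-$value = $_GET['id'];
+$value = (int) $_GET['id'];
+$value = max(0, $value);
"""

def demo():
    with tempfile.TemporaryDirectory() as root:
        f = Path(root, "app/code/core/Demo/Helper.php")
        f.parent.mkdir(parents=True)
        f.write_text("<?php\n$value = (int) $_GET['id'];\n")
        return check_patch(SAMPLE_DIFF, root)
```

A "partial" or "not applied" result lists the missing lines, which is where to start comparing by hand. Matching is by trimmed line content rather than line number, so it tolerates the drift between patch versions that the reply mentions.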

Re: Magento Security Scan Tool - false alarm?

Same here for SUPEE-10415.

Store has been updated to 1.9.3.7....

I guess there is some theme or extension that surcharged an old version of the core, and that's why the vulnerability is still there... But the scan does not give any details, so it's quite complicated to find where the problem is...

Re: Magento Security Scan Tool - false alarm?

I had this suspicion too. But mysteriously this warning disappeared from the security scan tool without changing anything in my shop system. At the moment I suppose there was a change in the scan tool around Jan. 10th without notice. A little more transparency to the community wouldn't hurt...

Lo.

Re: Magento Security Scan Tool - false alarm?

I also received the warning that "SUPEE-10415 has not been detected!" on Magento 1.6.2.0 despite being patched. I've confirmed the patch is applied by checking several of the files. I'm not sure how to notify Magento of this issue.

Re: Magento Security Scan Tool - false alarm?

Contact security@magento.com and provide your site information that is being scanned.

Magento Security will work with you on this issue.

Re: Magento Security Scan Tool - false alarm?

I didn't ask for advertising. This was a technical question about the Magento Security Scan Tool and not about or for anything else. So please choose a different way to advertise for whatever you want to sell.

Lo.

Re: Magento Security Scan Tool - false alarm?

Upgraded to Magento ver. 1.9.4.1, replacing all source and re-implementing local overwrites.

Magento security scan keeps alerting to "SUPEE-10415 has not been detected!".

Difficult to have confidence in this scan without having details of how to remedy the false alarm or details of the test.

https://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html#ce19-1941

Magento ver 1.9.4.1  - Added Mar 26, 2019 - Includes patch SUPEE-11086 as well as all previous security patches and PHP 7.2 compatibility patch - Includes dashboard charts patch MPERF-10509.diff - Does not include Authorize.net Signature Key patch due to issues with signature generation for non-English characters in addresses.