I signed up for the Magento Security Scan tool. I thought it looks like a good idea to get warned if there are problems. I now get "critical issues found" results including:
- SUPEE-10415 has not been detected!
- SUPEE-9767 - Failed.
I checked both Patches:
- SUPEE-10415 or upgrade to Magento Open Source 220.127.116.11.
- SUPEE-9767 or upgrade to Community Edition 18.104.22.168
Since I did upgrade to 22.214.171.124 some time ago (before using the scan tool) I thought this patches should be included. Is this a false alarm or does it indicate that the upgrade didn't work?
The only way to be 100% sure is to download the patch and see if the changes have already been applied. It's unlikely that you'll be able to download exactly the right patch version, so I would just download the patch, look at the lines it wants to change and see if your system has the correct lines in place.
Same here for SUPEE-10415.
Store has been updated to 126.96.36.199....
I guess there is some theme or extension that surcharged an old version of the core, and that's why the vulnerability is still there... But the scan does not give any details, so it's quite complicated to find where the problem is...
I had this suspicion too. But mysteriously this warning disappeared from security scan tool without changing anything in my shop system. At the moment I suppose there was a change in the scan tool around Jan. 10th without notice. A little more transparency to the community wouldn't hurt... lo
I also received the warning that "SUPEE-10415 has not been detected!" on Magento 188.8.131.52 despite being patched. I've confirmed the patch is applied by checking several of the files. I'm not sure how to notify Magento of this issue.
Contact firstname.lastname@example.org and provide your site information that is being scanned.
Magento Security will work with you on this issue.
I didn't ask for advertising. This was a technical question about the Magento Security Scan Tool and not about or for anything else. So please choose a different way to advertise for whatever you want to sell.
Upgraded to Magento ver. 184.108.40.206, replacing all source and re-implementing local overwrites.
Magento security scan keeps alerting to "SUPEE-10415 has not been detected!".
Difficult to have confidence in this scan without having details of how to remedy the false alarm or details of the test.
Magento ver 220.127.116.11 - Added Mar 26, 2019 - Includes patch SUPEE-11086 as well as all previous security patches and PHP 7.2 compatibility patch - Includes dashboard charts patch MPERF-10509.diff - Does not include Authorize.net Signature Key patch due to issues with signature generation for non-English characters in addresses.