Hello. Recently inside my organization some of my group's servers have been 
flagged with a vulnerability regarding Apache MINA. Here is a clip from the 
email that was brought to our attention:

CVE-2022-45047

Summary: Class 
org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache 
MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized 
java.security.PrivateKey. The class is one of several implementations that an 
implementor using Apache MINA SSHD can choose for loading the host keys of an 
SSH server.

CVSS Score: 0

CVSS V3 Score: 9.8

CWE ID: CWE-502

Vulnerable Packages: cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*

Published: November 16, 2022

Last Modified: November 18, 2022

References:

https://www.mail-archive.com/[email protected]/msg39312.html

I am unaware of specifically what Apache MINA is, or how it relates to any 
project or service that currently runs on our servers. I would like to identify 
where this service is on our servers so that it can either be removed (if not 
used) or updated so that we are no longer flagged for this vulnerability.

Could someone please explain to me how I can locate this application or service 
on our MS Azure server, and possibly identify if it is something that we 
actually need, and how it can be removed or updated? Thanks!

--
Christopher McCoy
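
One way to answer the "where is it" question above, as an added example that is not part of the original message: Apache MINA SSHD is a Java library that ships inside other applications' jar files, so this sketch walks a directory tree and reports every archive containing the class named in the CVE summary. It assumes the archive still carries Maven's pom.properties under the org.apache.sshd group; the function names and status labels are this example's own.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Class named in the CVE summary, as it appears as an entry inside a jar.
TARGET = "org/apache/sshd/server/keyprovider/SimpleGeneratorHostKeyProvider.class"
LAST_FLAGGED = (2, 9, 1)  # the quoted summary says "<= 2.9.1"
ARCHIVES = (".jar", ".war", ".ear")
# Assumption: the build kept Maven's META-INF/maven/<group>/<artifact>/pom.properties
POM = re.compile(r"META-INF/maven/org\.apache\.sshd/[^/]+/pom\.properties$")

def sshd_version(zf):
    for name in filter(POM.match, zf.namelist()):
        m = re.search(r"^version=(\S+)", zf.read(name).decode("utf-8", "replace"), re.M)
        if m:
            return m.group(1)
    return None

def classify(version):
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version or "")
    if not m:
        return "unknown"  # no version recorded: inspect by hand
    return "flagged" if tuple(int(g or 0) for g in m.groups()) <= LAST_FLAGGED else "newer"

def scan_archive(src, label, depth=0):
    """Yield (location, version, status) per archive holding TARGET; recurses 3 levels."""
    try:
        zf = zipfile.ZipFile(src)
    except (zipfile.BadZipFile, OSError):
        return  # not a readable zip: skip
    with zf:
        names = zf.namelist()
        if TARGET in names:
            version = sshd_version(zf)
            yield label, version, classify(version)
        for name in names if depth < 3 else ():
            if name.lower().endswith(ARCHIVES):
                yield from scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}", depth + 1)

def scan_tree(root):
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            yield from scan_archive(path, str(path))

if __name__ == "__main__":
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*hit, sep="\t")
```

Each hit names the containing archive (with `!` marking a jar nested inside another), which identifies the application that bundles the library. A copy that a build tool relocated under a different package name is not detected by this check.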
