Zum Hauptinhalt gehen

Suche

Suche

EOL/Obsolete Software: Microsoft Structured Query Language (SQL) Server Compact 4.0 Detected vulnerability

Kommentare

7 Kommentare

  • Avatar
    Thiyagu Palanisamy

    Hi Xabier,

    As i am a license administrator I will use only "Administration Console" to do the licensing related activities (activate, deactivate, checking the usage etc..). As per the article only below components required SQL Server Compact and i don't see "Administration Console" required SQL Server Compact. So I am good to uninstall "SQL Server Compact 4.0" in my license server and it will not impact the "Administration Console" functionality to do the licensing activities right ?

    • Reprint Console and Print Job logging
    • History Explorer
    • Data Builder
    • Security settings, including permissions, logging, signatures, and encryption
    • Cloud storage locations
    • Librarian
    • BarTender Print Portal
    0
  • Avatar
    Xabier Clemente
    Moderator

    Hi Thiyagu,

    Forgive my previous response, it would seem at present, Microsoft SQL Server Compact 4.0 is still a required prerequisite for a properly functional BarTender Suite. It's used by a few of our applications, so removal will have some impact but much of our product suite should continue to work.

    While the 4.0 is at end of life, Microsoft SQL Server Compact 4.0 SP1 can be used as an in-place replacement (published April of 2020 and included in newer BarTender versions).  We would recommend swapping the depreciated software for the new Microsoft SQL Server Compact 4.0 SP1.

    Again, forgive my previous answer.

    0
  • Avatar
    Thiyagu Palanisamy

    Hi Xabier,

    I have installed Microsoft SQL Server Compact 4.0 SP1 in the license server and requested security team to Re-scan. In the report Microsoft SQL Server Compact 4.0 SP1 is also a vulnerable.

    Can you please let me know this vulnerability affect Administration Console functionality if we keep it in the server ? Is there any way to resolve it ?

    Also, can you please let me know what is the SQL Server Compact version which is using in Bartender v2021 & v2022 ?

    ====

    Scan Result: EOL/Obsolete Software: Microsoft Structured Query Language (SQL) Server Compact 4.0 Detected

    C:\Program Files\Microsoft SQL Server Compact Edition\v4.0\\sqlceqp40.dll  Version is  4.0.8876.1
    EOL/Obsolete Software: Microsoft SQL Server Compact 4.0 Detected

    =====

    0
  • Avatar
    Thiyagu Palanisamy

    Hi Xabier,

    Did you had a chance to look into my last comment ?

    Regards,

    Thiyagu

    0
  • Avatar
    Thiyagu Palanisamy

    Hi Xabier,

    I am waiting for your response. If the latest version 2022 also have the Microsoft SQL compact 4.0 SP1 install automatically then we have to raise the exception. Please provide you comment. Based on your comment we have to decide.

    Regards,

    Thiyagu

    0
  • Avatar
    Xabier Clemente
    Moderator

    Hello again Thiyagu,

    Apologies for the late response.

    Given that Microsoft has not yet listed the Microsoft SQL Server Compact 4.0 SP1 component as having an end of life and that is the only incident in this regard that we have recorded on our Knowledge Base; thus, we believe that this issue could be specific to the vulnerability scanning software you're using. Therefore, for us to further investigate this, we will need to gather some of the following information:

    • What is the name and version of the vulnerability scanning software you use?
    • Can you send us a screenshot showing the error?


    Thank you in advance.

    0
  • Avatar
    Paul Sijbers

    Hi Xabier,

    I'm facing the same issue that on the BarTender Server the software Microsoft SQL Server Compact 4.0 is installed, which is EOL. Looking at above thread, the issue is not the vulnerability software, but that BarTender requires software which is EOL. I'm using Qualys as vulnerability scanning software, see below screenshot. 

    I assume that you agree that's it's not best practice to use EOL software, within the BarTender software suite, so my question is, in which version of BarTender will this be resolved?

    Kind regards, Paul

    0

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.