EOL/Obsolete Software: Microsoft Structured Query Language (SQL) Server Compact 4.0 Detected vulnerability

Hi,

Our organization's security team asked us to fix the "EOL/Obsolete Software: Microsoft Structured Query Language (SQL) Server Compact 4.0 Detected" vulnerability on the license server. This software is installed automatically while I am installing BarTender 2019 R9. Can you please let me know whether there is any impact on the application due to this vulnerability, and whether it is documented on any of the BarTender sites?

If I uninstall SQL Server Compact 4.0 on my license server, will it affect any process in the Licensing Administrator tool/Console?

================================================

Vulnerability details given by Security team:
Title - EOL/Obsolete Software: Microsoft Structured Query Language (SQL) Server Compact 4.0 Detected

Solution:
Customers are advised to update to the latest supported version of Microsoft SQL Server as Microsoft SQL Server Compact has been deprecated.

Result - Installation location.
C:\Program Files\Microsoft SQL Server Compact Edition\v4.0\\sqlceqp40.dll Version is 4.0.8482.1
EOL/Obsolete Software: Microsoft SQL Server Compact 4.0 Detected
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v4.0\\sqlceqp40.dll Version is 4.0.8482.1
EOL/Obsolete Software: Microsoft SQL Server Compact 4.0 Detected

===============================================

Can you please help me to know how to fix it?

Note: I installed only the license manager, not the whole product, since I am managing licenses for the users.

7 comments

Thiyagu Palanisamy

Hi Xabier,

As I am a license administrator, I will use only the "Administration Console" to do the licensing-related activities (activate, deactivate, checking the usage, etc.). As per the article, only the components below require SQL Server Compact, and I don't see that the "Administration Console" requires SQL Server Compact. So I am good to uninstall "SQL Server Compact 4.0" on my license server, and it will not impact the "Administration Console" functionality for the licensing activities, right?

  • Reprint Console and Print Job logging
  • History Explorer
  • Data Builder
  • Security settings, including permissions, logging, signatures, and encryption
  • Cloud storage locations
  • Librarian
  • BarTender Print Portal

Xabier Clemente
Moderator

Hi Thiyagu,

Forgive my previous response. It would seem that, at present, Microsoft SQL Server Compact 4.0 is still a required prerequisite for a properly functional BarTender Suite. It's used by a few of our applications, so removal will have some impact, but much of our product suite should continue to work.

While the 4.0 is at end of life, Microsoft SQL Server Compact 4.0 SP1 can be used as an in-place replacement (published April of 2020 and included in newer BarTender versions). We would recommend swapping the deprecated software for the new Microsoft SQL Server Compact 4.0 SP1.

Again, forgive my previous answer.

Thiyagu Palanisamy

Hi Xabier,

I have installed Microsoft SQL Server Compact 4.0 SP1 on the license server and asked the security team to re-scan. In the report, Microsoft SQL Server Compact 4.0 SP1 is also vulnerable.

Can you please let me know whether this vulnerability affects the Administration Console functionality if we keep it on the server? Is there any way to resolve it?

Also, can you please let me know which SQL Server Compact version is used in BarTender v2021 & v2022?

====

Scan Result: EOL/Obsolete Software: Microsoft Structured Query Language (SQL) Server Compact 4.0 Detected

C:\Program Files\Microsoft SQL Server Compact Edition\v4.0\\sqlceqp40.dll  Version is  4.0.8876.1
EOL/Obsolete Software: Microsoft SQL Server Compact 4.0 Detected

=====
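
To check on the host what the scanner is reading, the following added example (not part of the original thread and not BarTender or Qualys tooling) lists the SQL Server Compact 4.0 engine files under both install roots with their file versions, and warns when the two roots carry different builds. The build labels come only from the two scan results quoted above; the `sqlce*.dll` wildcard and the function name `Get-SqlCeInventory` are assumptions.

```powershell
# Builds as reported in the two scan results quoted in this thread.
$KnownBuilds = @{
    '4.0.8482.1' = 'SQL Server Compact 4.0 (first scan)'
    '4.0.8876.1' = 'SQL Server Compact 4.0 SP1 (re-scan)'
}

function Get-SqlCeInventory {
    param(
        # Both roots appear in the first scan; only Program Files appears in the re-scan.
        [string[]]$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
    )
    foreach ($root in ($Roots | Where-Object { $_ } | Select-Object -Unique)) {
        $dir = Join-Path $root 'Microsoft SQL Server Compact Edition\v4.0'
        if (-not (Test-Path -LiteralPath $dir)) { continue }

        # The thread names only sqlceqp40.dll; the wildcard is an assumption
        # so that sibling engine DLLs in the same folder are listed as well.
        Get-ChildItem -LiteralPath $dir -Filter 'sqlce*.dll' -File |
            ForEach-Object {
                $v   = $_.VersionInfo
                $ver = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart,
                                            $v.FileBuildPart, $v.FilePrivatePart
                $build = if ($KnownBuilds.ContainsKey($ver)) { $KnownBuilds[$ver] } else { 'build not mentioned in this thread' }
                [pscustomobject]@{ Path = $_.FullName; Version = $ver; Build = $build }
            }
    }
}

$inventory = @(Get-SqlCeInventory)
if ($inventory.Count -eq 0) {
    Write-Output 'No SQL Server Compact 4.0 files found under the default roots.'
} else {
    $inventory | Sort-Object Path | Format-Table -AutoSize
    # A leftover copy at the older build keeps the finding open after an upgrade.
    $versions = @($inventory | Select-Object -ExpandProperty Version -Unique)
    if ($versions.Count -gt 1) {
        Write-Warning "Mixed builds present: $($versions -join ', ')"
    }
}
```

Attaching this output to an exception request or a vendor ticket records exactly which files and builds the finding refers to.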

Thiyagu Palanisamy

Hi Xabier,

Did you have a chance to look into my last comment?

Regards,

Thiyagu

Thiyagu Palanisamy

Hi Xabier,

I am waiting for your response. If the latest version 2022 also has Microsoft SQL Compact 4.0 SP1 installed automatically, then we have to raise the exception. Please provide your comment. Based on your comment we have to decide.

Regards,

Thiyagu

Xabier Clemente
Moderator

Hello again Thiyagu,

Apologies for the late response.

Microsoft has not yet listed the Microsoft SQL Server Compact 4.0 SP1 component as having an end of life, and this is the only incident in this regard that we have recorded in our Knowledge Base; thus, we believe that this issue could be specific to the vulnerability scanning software you're using. Therefore, for us to further investigate this, we will need to gather some of the following information:

  • What is the name and version of the vulnerability scanning software you use?
  • Can you send us a screenshot showing the error?


Thank you in advance.

Paul Sijbers

Hi Xabier,

I'm facing the same issue: on the BarTender Server the software Microsoft SQL Server Compact 4.0 is installed, which is EOL. Looking at the above thread, the issue is not the vulnerability software, but that BarTender requires software which is EOL. I'm using Qualys as vulnerability scanning software, see below screenshot.

I assume that you agree that it's not best practice to use EOL software within the BarTender software suite, so my question is, in which version of BarTender will this be resolved?

Kind regards, Paul
