Question

Why internal BDH (security binary) scan highlighting vulnerability in com.enterprisedt.net.j2ssh.openssh ?

Please confirm if there is any fix in latest version jar. We may take decision to purchase.

Comments

Please provide us with more details.

---

We are using edtftpj-pro-7.4.0 version licence one in our project.
Security team is run BDH scan that is one of the security scan you can google it.
While running it's highlighting volnarability in your jar 7.4.0. as mentioned above

---

Please post the actual vulnerability details - this doesn't provide us with enough information.

---

Have you tried upgrading, or at least testing with the latest version? There have been 13 versions since version 7.4.0., so your version is pretty out of date.

---

Please can confirm if we include latest jar this issue will resolve? Because it's cost effective right ?

---

You can download the trial to a different "test"machine - please don't download to the same machine as your paid version as it will cause issues. If the trial (latest version) works then you know that upgrading will help.

---

I have cross check again with security team they are mentioning like

"BDH does not recognize this library"
com.enterprisedt.net.j2ssh.openssh

---

If the only message is that BDH does not recognize this library, then it's not providing any security vulnerability.