Even if there's no specific risk, having a CVSS 9.9 vulnerability against an entry in your software catalog triggers an immediate response in a lot of organisations. It just looks bad to leave it there for any length of time. We patched it anyway, same day. I work for an MSP where being down for an hour while we patch everything can be explained. Getting rooted and having all our clients' data exposed, on the other hand, is a company-ending event.
Statistics: Posted by garypigott — Apr 14, 2025 8:31 am






