PRUEBA AHORA

XZ CVE-2024-3094 Vulnerability Audit

Software Vulnerability

Discover which Linux assets have a vulnerable version on XZ running on it that is vulnerable to CVE-2024-3094. This vulnerability is a malicious injection present in the xz versions 5.6.0 and 5.6.1 libraries is only included in the tarball download package. Red Hat warns that any Linux distribution can be at risk as long as it runs the compromised XZ versions.

The report below will provide you with a full list of XZ installations and libraries along with the version so you can quickly identify if you are vulnerable. You can find more info in the XZ vulnerability blog.

Run The XZ CVE-2024-3094 Vulnerability Audit Report Now!

XZ Vulnerability report example

XZ CVE-2024-3094 Lansweeper On-Prem Query

Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  subquery1.softwareName,
subquery1.Cleaned_Version as [Cleaned Version],
subquery1.Version,
Case when Try_Cast(ParseName(subquery1.Cleaned_Version, 3) As bigint) = 5 and Try_Cast(ParseName(subquery1.Cleaned_Version, 2) As bigint) = 6 and Try_Cast(ParseName(subquery1.Cleaned_Version, 1) As bigint) in (0,1) then 'Vulnerable' else 'Not Vulnerable' end as [Vulnerable],
    tblLinuxSystem.OSRelease As OS,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblAssets.Lastseen,
  tblAssets.Lasttried
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
  left join (
select tblLinuxSoftware.assetid,
        CASE WHEN CHARINDEX('-', tblLinuxSoftware.Version) > 0 THEN SUBSTRING(tblLinuxSoftware.Version, 1, CHARINDEX('-', tblLinuxSoftware.Version) - 1)
        ELSE tblLinuxSoftware.Version
    END AS Cleaned_Version,
	tblSoftwareUni.softwareName,
	tblLinuxSoftware.Version
from tblLinuxSoftware
  Inner Join tblSoftwareUni On
    tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID
  ) as subquery1 on subquery1.assetid= tblassets.assetid
Where tsysAssetTypes.AssetTypename = 'Linux' And tblState.Statename = 'Active' and (softwareName = 'xz' or softwareName = 'xz-utils' or softwareName = 'xz-libs')
Order By subquery1.Cleaned_Version desc,
tblAssets.IPNumeric,
  tblAssets.Domain,
  tblAssets.AssetName

Show

Hide