Copy link to clipboard
Copied
I am working with vulnerability scanning vendor, Tenable, which is reporting a false positive after updating Adobe Digital Editions to 4.5.10.186048. The scanner is checking for DigitalEditions.exe to be version 4.5.10.186048 but when Adobe Digital Editions 4.5.10.186048 is installed (downloaded from https://www.adobe.com/solutions/ebook/digital-editions/release-notes.html), DigitalEditions.exe is version 4.5.10.0. You can launch the software and verify it is indeed version 4.5.10.186048.
Tenable's response is below
"It appears this is already a known issue with this particular plugin. There's no resolution just yet.
Our plugin is looking in the correct\standard places - we cant open the application and read the about page during a scan. Can you reach out to Adobe to provided a valid explanation as to why they do not update the registry and exe to reflect the correct version number? They are presenting incorrect information, and we are not likely to modify the plugin to accommodate this without good reason.
Simply put, 4.5.10.0 does not = 4.5.10.186048
So we need a programmatic way to detect this."
Copy link to clipboard
Copied
It is now October 2019, what "thohun" wrote above is still true. According to Adobe release documents, v4.5.10.186048 is the newest version. When I go to download this directly from Adobe's website what I get is v4.5.10.0 Yes, this is a VERY minor pickey issue... but, my computer thinks it does not have the newest version of Adobe Digital Edtitions. Six months after the above post 4.5.10.0 still does not equal 4.5.10.186048
Copy link to clipboard
Copied
It is now January 2020, and this is still an issue. Is there anyone from Adobe that can comment on progress of resolving this? The Help-->About shows 4.5.10.186048, but right clicking on the .exe file for ADE and going to the details tab still shows 4.5.10.0, as well as the registry at HKLM/Software/WOW6432Node/Adobe/Adobe Digital Editions 4.5 which is why it's getting flagged by Nessus.