Version 9 version handling

MortenMi

Hi,

Ref the CVE-2020-13699 vulnerability.

You have released a version of v9 to resolve said vulnerability. We are running Qualys to detect vulnerabilities, and it appears that it is detecting a potential false positive.

When checking for said vulnerability, it will go into the Teamviewer.exe file and look at the version. The latest version appears to show as 9.0.62252.0, but it expects finding a higher version (9.0.258860.0). I've looked at other files and version information, and I indeed find references to 9.0.258860.0, but not the "File version" attribute on teamviewer.exe.

Is this attribute erroneously not updated with this latest version of Teamviewer 9?

Where can we tell Qualys to look to validate that this newer version is installed?

Thanks.

 

Best regards,

Morten Mikkelborg

MortenMi

Hello,

I'm afraid this doesn't resolve my problem.

Qualys knows that version 9.0.62252 has the vulnerability in question. When we update Teamviewer to version 9.3.62252, Qualys still identifies the Teamviewer install to be version 9.0.62252, because the Teamviewer.exe file in that update still has the File Version flag 9.0.62252. The File Version flag is not updated with the patched version of Teamviewer.

Since File Version is not updated (I'm assuming this might be an oversight from Teamviewer's end, not updating this metadata), what part of Teamviewer 9 shows the accurate installed version which we can tell Qualys to look at?

Thanks.