cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
The Discovery Summit 2025 Call for Content is open! Submit an abstract today to present at our premier analytics conference.
Choose Language Hide Translation Bar
View Original Published Thread

jmp_python.exe vulnerabilities reported by Microsoft Defender Enterprise

RobbCGO
RobbCGO
Level I
Jan 27, 2025 01:07 PM 533 views

Microsoft Defender has been reporting vulnerabilities which can be reconciled by updating Python. We have 6 devices affected, but only 1 had Python installed manually. The other 5 trace back to jmp_python.exe.

 

The JMP update function doesn't appear to affect Python. How do you intend to resolve the vulnerability reported?

01 - Security Recommendations.jpg
Preview file
67 KB
02 - Associated CVEs.jpg
Preview file
41 KB
0 Kudos
3 REPLIES 3
jthi
Super User jthi
Super User


Re: jmp_python.exe vulnerabilities reported by Microsoft Defender Enterprise

Jan 27, 2025 01:59 PM (526 views)  |  Posted in reply to message from RobbCGO 01-27-2025

Have you contacted JMP Support?

-Jarmo
0 Kudos
Paul_Nelson
Staff Paul_Nelson
Staff


Re: jmp_python.exe vulnerabilities reported by Microsoft Defender Enterprise

Jan 27, 2025 02:25 PM (495 views)  |  Posted in reply to message from RobbCGO 01-27-2025

Upgrade your version of JMP.  The latest release of JMP 18.x contains Python 3.11.11, JMP 19 EA 6 contains Python 3.13.1.  They are the latest security releases of Python as of today 27 Jan 2025.  We are monitoring Python's security releases and when a security fix is released, we update in the next JMP security maintenance release. 

 

A friendly reminder.  It is considered a responsible security disclosure practice to inform the developer first of potential security issues before spreading to the world. In the future please contact JMP technical support first for security issues.  In this case we have already addressed, but please give us time to address before potentially putting your colleagues at risk.

Paul_Nelson
Staff Paul_Nelson
Staff


Re: jmp_python.exe vulnerabilities reported by Microsoft Defender Enterprise

Jan 27, 2025 02:43 PM (490 views)  |  Posted in reply to message from Paul_Nelson 01-27-2025

While the CVEs mentioned, have been created, they are not yet verified.  As such, it's likely even the latest Python distribution does not have any updates to these issues even if they are found to be legitimate vulnerabilities. Until such time as Python makes an update there is no way for JMP to make an update.  But again please disclose to JMP Technical support first.  Typical public disclosure timeframe is at least 90 days after a fix is available.

 

https://nvd.nist.gov/vuln/detail/cve-2024-9287 This vulnerability is currently awaiting analysis.

https://nvd.nist.gov/vuln/detail/cve-2024-8088 This vulnerability is currently awaiting analysis.

https://nvd.nist.gov/vuln/detail/cve-2024-3219 This vulnerability is currently awaiting analysis.

https://nvd.nist.gov/vuln/detail/cve-2024-6923 This vulnerability is currently awaiting analysis.

https://nvd.nist.gov/vuln/detail/cve-2024-4030  This vulnerability is currently awaiting analysis.

 

 

 

0 Kudos