MS SQL Compact 3.5 Vulnerability Found

[JaxIsland7575]

I am doing a security / vulnerability assessment and the VBR server was found to have EOL/Obsolete Software on it. It is reporting this on MA SQL Compact 3.5 which is installed. This is a local DB all features installed on this same physical server running the latest VBR version. My question is about fixing this, can I remove it? Can I upgrade it to v4, what is it and do I need it?

This item in the report is listed as the highest critical vulnerability so if someone could assist me is resolving it, I would appreciate it.

Thank you!

[csydas]

Should be fine. Veeam packages MSSQL Express, and recommends running on Standard for more serious workloads. So if it's "working", it's not supported (I honestly don't know the functional differences between MSSQL Compact and Express...)

https://helpcenter.veeam.com/docs/backu ... kup_server

Regardless, take a Config Backup and a DB backup before you make a decision, and either just jump over to SQL Express/Standard or do the upgrade.

[bdufour]

i dont think sql compact is related to veeam, according to my knowledge. sql compact is mostly used by developers.

[Gostev]

Veeam Backup & Replication does not use SQL Compact.

[JaxIsland7575]

I installed v4. Had to manually remove the program files folder for 3.5 and rebooted. Vulnerability scan came back clean and VBR is functioning normally, so I guess its good to go.

Thank you for the clarification Gostev!