Custodela / Riches


Update cx.config #360

Closed kmcdon83 closed 11 months ago

kmcdon83 commented 4 years ago

Scan submitted to Checkmarx

kmcdon83 commented 4 years ago

Checkmarx SAST Scan Summary

Full Scan Details

Checkmarx Scan Summary

| Severity | Count |
|---|---|
| High | 32 |
| Medium | 56 |
| Low | 328 |
| Informational | 4 |

Violation Summary

| Severity | Count |
|---|---|
| High | 30 |

Details

| Lines | Severity | Category | File |
|---|---|---|---|
| 18, 74 | High | Command_Injection | riches/pages/common/hidden_AdminControl.jsp |
| 30 | High | Command_Injection | riches/pages/content/oper/Admin.jsp |
| 18, 25 | High | Command_Injection | riches/pages/content/oper/Newsletter.jsp |
| 63, 84 | High | Reflected_XSS_All_Clients | riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java |
| 102, 124 | High | Reflected_XSS_All_Clients | riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java |
| 19, 20, 21, 24 | High | Reflected_XSS_All_Clients | riches/pages/career_details_error.jsp |
| 6 | High | Reflected_XSS_All_Clients | riches/pages/content/Security.jsp |
| 9 | High | Reflected_XSS_All_Clients | riches/pages/error.jsp |
| 83 | High | Reflected_XSS_All_Clients | riches/login/login.jsp |
| 11 | High | Reflected_XSS_All_Clients | riches/login/error.jsp |
| 62, 82, 102, 141 | High | SQL_Injection | riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java |
| 20 | High | SQL_Injection | riches/WEB-INF/src/java/com/checkmarx/samples/riches/Messages.java |
| 101, 102, 104, 105, 106, 107 | High | SQL_Injection | riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java |
| 11 | High | Stored_XSS | riches/pages/Backup.jsp |
| 13 | High | Stored_XSS | riches/pages/FilesViewer.jsp |

Checkmarx Dependency (CxSCA) Scan Summary

Full Scan Details

Summary

| Metric | Value |
|---|---|
| Total packages identified | 51 |
| High severity vulnerabilities | 44 |
| Medium severity vulnerabilities | 27 |
| Low severity vulnerabilities | 1 |
| Scan risk score | 10.00 |

CxSCA vulnerability result overview

| Vulnerability ID | Package | Severity | CVSS score | Publish date | Current version | Recommended version | NVD reference |
|---|---|---|---|---|---|---|---|
| CVE-2012-0838 | com.opensymphony:xwork | HIGH | 10.0 | 2012-03-02T22:55:00 | 2.0.4 | | CVE-2012-0838 |
| CVE-2012-0838 | org.apache.struts:struts2-core | HIGH | 10.0 | 2012-03-02T22:55:00 | 2.0.11 | | CVE-2012-0838 |
| CVE-2017-5638 | org.apache.struts:struts2-core | HIGH | 10.0 | 2017-03-11T02:59:00 | 2.0.11 | | CVE-2017-5638 |
| CVE-2013-4316 | org.apache.struts:struts2-core | HIGH | 10.0 | 2013-09-30T21:55:00 | 2.0.11 | | CVE-2013-4316 |
| CVE-2015-7501 | commons-collections:commons-collections | HIGH | 9.8 | 2017-11-09T17:29:00 | 2.1 | | CVE-2015-7501 |
| CVE-2016-1000031 | commons-fileupload:commons-fileupload | HIGH | 9.8 | 2016-10-25T14:29:00 | 1.2.1 | | CVE-2016-1000031 |
| CVE-2016-4438 | com.opensymphony:xwork | HIGH | 9.8 | 2016-07-04T22:59:00 | 2.0.4 | | CVE-2016-4438 |
| CVE-2020-10683 | dom4j:dom4j | HIGH | 9.8 | 2020-05-01T19:15:00 | 1.4 | | CVE-2020-10683 |
| CVE-2016-4436 | org.apache.struts:struts2-core | HIGH | 9.8 | 2016-10-03T15:59:00 | 2.0.11 | | CVE-2016-4436 |
| CVE-2017-12611 | org.apache.struts:struts2-core | HIGH | 9.8 | 2017-09-20T17:29:00 | 2.0.11 | | CVE-2017-12611 |
| CVE-2016-3082 | org.apache.struts:struts2-core | HIGH | 9.8 | 2016-04-26T14:59:00 | 2.0.11 | | CVE-2016-3082 |
| CVE-2013-1966 | com.opensymphony:xwork | HIGH | 9.3 | 2013-07-10T19:55:00 | 2.0.4 | | CVE-2013-1966 |
| CVE-2013-2115 | com.opensymphony:xwork | HIGH | 9.3 | 2013-07-10T19:55:00 | 2.0.4 | | CVE-2013-2115 |
| CVE-2013-1965 | com.opensymphony:xwork | HIGH | 9.3 | 2013-07-10T19:55:00 | 2.0.4 | | CVE-2013-1965 |
| CVE-2012-0391 | com.opensymphony:xwork | HIGH | 9.3 | 2012-01-08T15:55:00 | 2.0.4 | | CVE-2012-0391 |
| CVE-2013-2251 | org.apache.struts:struts2-core | HIGH | 9.3 | 2013-07-20T03:37:00 | 2.0.11 | | CVE-2013-2251 |
| CVE-2013-1965 | org.apache.struts:struts2-core | HIGH | 9.3 | 2013-07-10T19:55:00 | 2.0.11 | | CVE-2013-1965 |
| CVE-2012-0391 | org.apache.struts:struts2-core | HIGH | 9.3 | 2012-01-08T15:55:00 | 2.0.11 | | CVE-2012-0391 |
| CVE-2013-2135 | org.apache.struts:struts2-core | HIGH | 9.3 | 2013-07-16T18:55:00 | 2.0.11 | | CVE-2013-2135 |
| CVE-2013-2134 | org.apache.struts:struts2-core | HIGH | 9.3 | 2013-07-16T18:55:00 | 2.0.11 | | CVE-2013-2134 |
| CVE-2012-0392 | org.apache.struts:struts2-core | HIGH | 9.3 | 2012-01-08T15:55:00 | 2.0.11 | | CVE-2012-0392 |
| CVE-2016-4461 | com.opensymphony:xwork | HIGH | 8.8 | 2017-10-16T16:29:00 | 2.0.4 | | CVE-2016-4461 |
| CVE-2016-0785 | com.opensymphony:xwork | HIGH | 8.8 | 2016-04-12T16:59:00 | 2.0.4 | | CVE-2016-0785 |
| CVE-2016-3090 | org.apache.struts:struts2-core | HIGH | 8.8 | 2017-10-30T14:29:00 | 2.0.11 | | CVE-2016-3090 |
| CVE-2018-11776 | com.opensymphony:xwork | HIGH | 8.1 | 2018-08-22T13:29:00 | 2.0.4 | | CVE-2018-11776 |
| CVE-2018-11776 | org.apache.struts:struts2-core | HIGH | 8.1 | 2018-08-22T13:29:00 | 2.0.11 | | CVE-2018-11776 |
| CVE-2016-3081 | org.apache.struts:struts2-core | HIGH | 8.1 | 2016-04-26T14:59:00 | 2.0.11 | | CVE-2016-3081 |
| CVE-2006-1547 | struts:struts | HIGH | 7.8 | 2006-03-30T22:02:00 | 1.1 | | CVE-2006-1547 |
| CVE-2014-0114 | commons-beanutils:commons-beanutils | HIGH | 7.5 | 2014-04-30T10:49:00 | 1.7.0 | | CVE-2014-0114 |
| Cx78f40514-81ff | commons-collections:commons-collections | HIGH | 7.5 | 2018-10-31T10:39:00 | 2.1 | | N/A |
| CVE-2016-3092 | commons-fileupload:commons-fileupload | HIGH | 7.5 | 2016-07-04T22:59:00 | 1.2.1 | | CVE-2016-3092 |
| CVE-2013-2186 | commons-fileupload:commons-fileupload | HIGH | 7.5 | 2013-10-28T21:55:00 | 1.2.1 | | CVE-2013-2186 |
| CVE-2014-0050 | commons-fileupload:commons-fileupload | HIGH | 7.5 | 2014-04-01T06:27:00 | 1.2.1 | | CVE-2014-0050 |
| CVE-2015-5209 | com.opensymphony:xwork | HIGH | 7.5 | 2017-08-29T15:29:00 | 2.0.4 | | CVE-2015-5209 |
| CVE-2017-9787 | com.opensymphony:xwork | HIGH | 7.5 | 2017-07-13T15:29:00 | 2.0.4 | | CVE-2017-9787 |
| CVE-2017-9804 | com.opensymphony:xwork | HIGH | 7.5 | 2017-09-20T17:29:00 | 2.0.4 | | CVE-2017-9804 |
| CVE-2014-0112 | com.opensymphony:xwork | HIGH | 7.5 | 2014-04-29T10:37:00 | 2.0.4 | | CVE-2014-0112 |
| CVE-2018-1000632 | dom4j:dom4j | HIGH | 7.5 | 2018-08-20T19:31:00 | 1.4 | | CVE-2018-1000632 |
| CVE-2014-0112 | org.apache.struts:struts2-core | HIGH | 7.5 | 2014-04-29T10:37:00 | 2.0.11 | | CVE-2014-0112 |
| CVE-2014-0113 | org.apache.struts:struts2-core | HIGH | 7.5 | 2014-04-29T10:37:00 | 2.0.11 | | CVE-2014-0113 |
| CVE-2014-0114 | struts:struts | HIGH | 7.5 | 2014-04-30T10:49:00 | 1.1 | | CVE-2014-0114 |
| CVE-2006-1546 | struts:struts | HIGH | 7.5 | 2006-03-30T22:02:00 | 1.1 | | CVE-2006-1546 |
| CVE-2015-0254 | taglibs:standard | HIGH | 7.5 | 2015-03-09T14:59:00 | 1.1.2 | | CVE-2015-0254 |
| CVE-2016-5018 | tomcat:jasper-runtime | HIGH | 7.5 | 2017-08-10T16:29:00 | 5.0.28 | | CVE-2016-5018 |
| CVE-2014-7809 | org.apache.struts:struts2-core | MEDIUM | 6.8 | 2014-12-10T15:59:00 | 2.0.11 | | CVE-2014-7809 |
| CVE-2012-0394 | org.apache.struts:struts2-core | MEDIUM | 6.8 | 2012-01-08T15:55:00 | 2.0.11 | | CVE-2012-0394 |
| CVE-2012-4386 | org.apache.struts:struts2-core | MEDIUM | 6.8 | 2012-09-05T23:55:00 | 2.0.11 | | CVE-2012-4386 |
| CVE-2012-0393 | org.apache.struts:struts2-core | MEDIUM | 6.4 | 2012-01-08T15:55:00 | 2.0.11 | | CVE-2012-0393 |
| CVE-2016-2162 | com.opensymphony:xwork | MEDIUM | 6.1 | 2016-04-12T16:59:00 | 2.0.4 | | CVE-2016-2162 |
| CVE-2016-4003 | org.apache.struts:struts2-core | MEDIUM | 6.1 | 2016-04-12T16:59:00 | 2.0.11 | | CVE-2016-4003 |
| CVE-2015-5169 | org.apache.struts:struts2-core | MEDIUM | 6.1 | 2017-09-25T21:29:00 | 2.0.11 | | CVE-2015-5169 |
| CVE-2016-2162 | org.apache.struts:struts2-core | MEDIUM | 6.1 | 2016-04-12T16:59:00 | 2.0.11 | | CVE-2016-2162 |
| CVE-2016-8738 | com.opensymphony:xwork | MEDIUM | 5.9 | 2017-09-20T17:29:00 | 2.0.4 | | CVE-2016-8738 |
| CVE-2013-4310 | org.apache.struts:struts2-core | MEDIUM | 5.8 | 2013-09-30T21:55:00 | 2.0.11 | | CVE-2013-4310 |
| CVE-2013-2248 | org.apache.struts:struts2-core | MEDIUM | 5.8 | 2013-07-20T03:37:00 | 2.0.11 | | CVE-2013-2248 |
| CVE-2016-3093 | com.opensymphony:xwork | MEDIUM | 5.3 | 2016-06-07T18:59:00 | 2.0.4 | | CVE-2016-3093 |
| CVE-2010-1870 | com.opensymphony:xwork | MEDIUM | 5.0 | 2010-08-17T20:00:00 | 2.0.4 | | CVE-2010-1870 |
| CVE-2008-6504 | com.opensymphony:xwork | MEDIUM | 5.0 | 2009-03-23T14:19:00 | 2.0.4 | | CVE-2008-6504 |
| CVE-2012-4387 | com.opensymphony:xwork | MEDIUM | 5.0 | 2012-09-05T23:55:00 | 2.0.4 | | CVE-2012-4387 |
| CVE-2011-2088 | com.opensymphony:xwork | MEDIUM | 5.0 | 2011-05-13T17:05:00 | 2.0.4 | | CVE-2011-2088 |
| CVE-2011-5057 | org.apache.struts:struts2-core | MEDIUM | 5.0 | 2012-01-08T17:55:00 | 2.0.11 | | CVE-2011-5057 |
| CVE-2014-0094 | org.apache.struts:struts2-core | MEDIUM | 5.0 | 2014-03-11T13:00:00 | 2.0.11 | | CVE-2014-0094 |
| CVE-2008-6505 | org.apache.struts:struts2-core | MEDIUM | 5.0 | 2009-03-23T14:19:00 | 2.0.11 | | CVE-2008-6505 |
| CVE-2008-6682 | org.apache.struts:struts2-core | MEDIUM | 4.3 | 2009-04-09T15:08:00 | 2.0.11 | | CVE-2008-6682 |
| CVE-2012-1006 | org.apache.struts:struts2-core | MEDIUM | 4.3 | 2012-02-07T04:09:00 | 2.0.11 | | CVE-2012-1006 |
| CVE-2006-1548 | struts:struts | MEDIUM | 4.3 | 2006-03-30T22:02:00 | 1.1 | | CVE-2006-1548 |
| CVE-2005-3745 | struts:struts | MEDIUM | 4.3 | 2005-11-22T11:03:00 | 1.1 | | CVE-2005-3745 |
| CVE-2009-0781 | tomcat:jasper-compiler | MEDIUM | 4.3 | 2009-03-09T21:30:00 | 5.0.28 | | CVE-2009-0781 |
| CVE-2009-0781 | tomcat:jasper-runtime | MEDIUM | 4.3 | 2009-03-09T21:30:00 | 5.0.28 | | CVE-2009-0781 |
| CVE-2009-0781 | tomcat:servlet-api | MEDIUM | 4.3 | 2009-03-09T21:30:00 | 5.0.18 | | CVE-2009-0781 |
| CVE-2013-0248 | commons-fileupload:commons-fileupload | MEDIUM | 3.3 | 2013-03-15T20:55:00 | 1.2.1 | | CVE-2013-0248 |
| CVE-2011-1772 | com.opensymphony:xwork | LOW | 2.6 | 2011-05-13T17:05:00 | 2.0.4 | | CVE-2011-1772 |
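The numbers a merge gate acts on are not quite the ones in the headline summaries. As an added example (not part of this PR, and not CxFlow or Checkmarx code), the script below takes the SAST "Details" rows and a subset of the CxSCA rows from the comment above as sample input, counts SAST violations one per flagged line (which reproduces the Violation Summary figure of 30 rather than the 32 in the scan summary), de-duplicates CVEs that the SCA table reports once per affected artifact (the same CVE appears for both com.opensymphony:xwork and org.apache.struts:struts2-core), and applies a threshold set. The `THRESHOLDS` values, the `gate` function and the row parser are hypothetical; the real cx.config thresholds for this repository are not shown on the page.

```python
"""Aggregate the Checkmarx SAST/SCA rows posted in this PR into the figures a
merge gate would act on. Added example: the parser, the de-duplication and the
threshold values are illustrative, not CxFlow's code and not the real cx.config."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# SAST "Details" rows copied from the PR comment: flagged line numbers first,
# then severity, category and file (sample input, not fetched from Checkmarx).
SAST_ROWS = [
    "18 74 High Command_Injection riches/pages/common/hidden_AdminControl.jsp",
    "30 High Command_Injection riches/pages/content/oper/Admin.jsp",
    "18 25 High Command_Injection riches/pages/content/oper/Newsletter.jsp",
    "63 84 High Reflected_XSS_All_Clients riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java",
    "102 124 High Reflected_XSS_All_Clients riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java",
    "19 20 21 24 High Reflected_XSS_All_Clients riches/pages/career_details_error.jsp",
    "6 High Reflected_XSS_All_Clients riches/pages/content/Security.jsp",
    "9 High Reflected_XSS_All_Clients riches/pages/error.jsp",
    "83 High Reflected_XSS_All_Clients riches/login/login.jsp",
    "11 High Reflected_XSS_All_Clients riches/login/error.jsp",
    "62 82 102 141 High SQL_Injection riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java",
    "20 High SQL_Injection riches/WEB-INF/src/java/com/checkmarx/samples/riches/Messages.java",
    "101 102 104 105 106 107 High SQL_Injection riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java",
    "11 High Stored_XSS riches/pages/Backup.jsp",
    "13 High Stored_XSS riches/pages/FilesViewer.jsp",
]

# Subset of the CxSCA rows (id, package, severity, CVSS, current version),
# chosen to include the CVEs the table lists once per affected artifact.
SCA_ROWS = [
    ("CVE-2012-0838", "com.opensymphony:xwork", "HIGH", 10.0, "2.0.4"),
    ("CVE-2012-0838", "org.apache.struts:struts2-core", "HIGH", 10.0, "2.0.11"),
    ("CVE-2017-5638", "org.apache.struts:struts2-core", "HIGH", 10.0, "2.0.11"),
    ("CVE-2013-1965", "com.opensymphony:xwork", "HIGH", 9.3, "2.0.4"),
    ("CVE-2013-1965", "org.apache.struts:struts2-core", "HIGH", 9.3, "2.0.11"),
    ("CVE-2018-11776", "com.opensymphony:xwork", "HIGH", 8.1, "2.0.4"),
    ("CVE-2018-11776", "org.apache.struts:struts2-core", "HIGH", 8.1, "2.0.11"),
    ("CVE-2014-0114", "commons-beanutils:commons-beanutils", "HIGH", 7.5, "1.7.0"),
    ("CVE-2014-0114", "struts:struts", "HIGH", 7.5, "1.1"),
    ("CVE-2014-7809", "org.apache.struts:struts2-core", "MEDIUM", 6.8, "2.0.11"),
    ("CVE-2011-1772", "com.opensymphony:xwork", "LOW", 2.6, "2.0.4"),
]


@dataclass(frozen=True)
class SastFinding:
    lines: tuple
    severity: str
    category: str
    path: str


def parse_sast_row(row: str) -> SastFinding:
    """Split a flattened Details row: leading integers are line numbers, the
    remaining three tokens are severity, category and file path."""
    tokens = row.split()
    lines = []
    while tokens and tokens[0].isdigit():
        lines.append(int(tokens.pop(0)))
    if not lines or len(tokens) != 3:
        raise ValueError(f"unrecognised SAST row: {row!r}")
    severity, category, path = tokens
    return SastFinding(tuple(lines), severity, category, path)


def sast_counts(rows):
    """Count one violation per flagged line, per severity and per category."""
    by_severity, by_category = Counter(), Counter()
    for finding in map(parse_sast_row, rows):
        by_severity[finding.severity] += len(finding.lines)
        by_category[finding.category] += len(finding.lines)
    return by_severity, by_category


def sca_counts(rows):
    """Return (rows per severity, unique vulnerability IDs per severity,
    vulnerability IDs per package). One CVE on two artifacts is one issue to
    remediate, so the gate uses the de-duplicated figure."""
    rows_per_sev, ids_per_sev, per_package = Counter(), defaultdict(set), defaultdict(set)
    for vuln_id, package, severity, _cvss, _version in rows:
        sev = severity.capitalize()  # "HIGH" -> "High", same labels as SAST
        rows_per_sev[sev] += 1
        ids_per_sev[sev].add(vuln_id)
        per_package[package].add(vuln_id)
    return rows_per_sev, {s: len(v) for s, v in ids_per_sev.items()}, per_package


# Hypothetical maximum allowed findings per severity; the real cx.config
# values for this repository are not shown in the PR.
THRESHOLDS = {"High": 0, "Medium": 5, "Low": 50}


def gate(sast_by_severity, sca_unique_by_severity, thresholds=THRESHOLDS):
    """Return the list of threshold breaches; an empty list means the PR passes."""
    breaches = []
    for source, counts in (("SAST", sast_by_severity), ("SCA", sca_unique_by_severity)):
        for sev, limit in thresholds.items():
            if counts.get(sev, 0) > limit:
                breaches.append(f"{source} {sev}: {counts[sev]} > {limit}")
    return breaches


if __name__ == "__main__":
    sev, cat = sast_counts(SAST_ROWS)
    rows, unique, per_pkg = sca_counts(SCA_ROWS)
    print("SAST violations:", dict(sev), dict(cat))
    print("SCA rows:", dict(rows), "unique IDs:", unique)
    print("IDs per package:", {p: sorted(v) for p, v in per_pkg.items()})
    print(gate(sev, unique) or "PASS")
```

Over the full SAST table this yields High = 30, split as 5 Command_Injection, 12 Reflected_XSS_All_Clients, 11 SQL_Injection and 2 Stored_XSS; over the SCA subset, 9 HIGH rows collapse to 5 distinct CVEs, and struts2-core alone carries 5 of the IDs, so upgrading that one artifact clears most of the list.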