kmcdon83
commented
4 years ago Checkmarx SAST Scan Summary
Checkmarx Scan Summary
| Severity | Count |
|---|---|
| High | 32 |
| Medium | 56 |
| Low | 328 |
| Informational | 4 |
Violation Summary
| Severity | Count |
|---|---|
| High | 30 |
Details
| Lines | Severity | Category | File | Link |
|---|---|---|---|---|
| 18 74 | High | Command_Injection | riches/pages/common/hidden_AdminControl.jsp | Checkmarx |
| 30 | High | Command_Injection | riches/pages/content/oper/Admin.jsp | Checkmarx |
| 18 25 | High | Command_Injection | riches/pages/content/oper/Newsletter.jsp | Checkmarx |
| 63 84 | High | Reflected_XSS_All_Clients | riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java | Checkmarx |
| 19 20 21 24 | High | Reflected_XSS_All_Clients | riches/pages/career_details_error.jsp | Checkmarx |
| 6 | High | Reflected_XSS_All_Clients | riches/pages/content/Security.jsp | Checkmarx |
| 11 | High | Reflected_XSS_All_Clients | riches/login/error.jsp | Checkmarx |
| 9 | High | Reflected_XSS_All_Clients | riches/pages/error.jsp | Checkmarx |
| 83 | High | Reflected_XSS_All_Clients | riches/login/login.jsp | Checkmarx |
| 102 124 | High | Reflected_XSS_All_Clients | riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java | Checkmarx |
| 62 82 102 141 | High | SQL_Injection | riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java | Checkmarx |
| 20 | High | SQL_Injection | riches/WEB-INF/src/java/com/checkmarx/samples/riches/Messages.java | Checkmarx |
| 101 102 104 105 106 107 | High | SQL_Injection | riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java | Checkmarx |
| 11 | High | Stored_XSS | riches/pages/Backup.jsp | Checkmarx |
| 13 | High | Stored_XSS | riches/pages/FilesViewer.jsp | Checkmarx |
Checkmarx Dependency (CxSCA) Scan Summary
Summary
| Total Packages Identified | 51 |
|---|---|
| High severity vulnerabilities | 44 |
| Medium severity vulnerabilities | 27 |
| Low severity vulnerabilities | 1 |
| Scan risk score | 10.00 |
CxSCA vulnerability result overview
| Vulnerability ID | Package | Severity | CVSS score | Publish date | Current version | Recommended version | Link in CxSCA | Reference – NVD link |
|---|---|---|---|---|---|---|---|---|
CVE-2012-0838 |
com.opensymphony:xwork | HIGH | 10.0 | 2012-03-02T22:55:00 | 2.0.4 | Vulnerability Link | CVE-2012-0838 | |
CVE-2012-0838 |
org.apache.struts:struts2-core | HIGH | 10.0 | 2012-03-02T22:55:00 | 2.0.11 | Vulnerability Link | CVE-2012-0838 | |
CVE-2013-4316 |
org.apache.struts:struts2-core | HIGH | 10.0 | 2013-09-30T21:55:00 | 2.0.11 | Vulnerability Link | CVE-2013-4316 | |
CVE-2017-5638 |
org.apache.struts:struts2-core | HIGH | 10.0 | 2017-03-11T02:59:00 | 2.0.11 | Vulnerability Link | CVE-2017-5638 | |
CVE-2015-7501 |
commons-collections:commons-collections | HIGH | 9.8 | 2017-11-09T17:29:00 | 2.1 | Vulnerability Link | CVE-2015-7501 | |
CVE-2016-1000031 |
commons-fileupload:commons-fileupload | HIGH | 9.8 | 2016-10-25T14:29:00 | 1.2.1 | Vulnerability Link | CVE-2016-1000031 | |
CVE-2016-4438 |
com.opensymphony:xwork | HIGH | 9.8 | 2016-07-04T22:59:00 | 2.0.4 | Vulnerability Link | CVE-2016-4438 | |
CVE-2020-10683 |
dom4j:dom4j | HIGH | 9.8 | 2020-05-01T19:15:00 | 1.4 | Vulnerability Link | CVE-2020-10683 | |
CVE-2016-3082 |
org.apache.struts:struts2-core | HIGH | 9.8 | 2016-04-26T14:59:00 | 2.0.11 | Vulnerability Link | CVE-2016-3082 | |
CVE-2016-4436 |
org.apache.struts:struts2-core | HIGH | 9.8 | 2016-10-03T15:59:00 | 2.0.11 | Vulnerability Link | CVE-2016-4436 | |
CVE-2017-12611 |
org.apache.struts:struts2-core | HIGH | 9.8 | 2017-09-20T17:29:00 | 2.0.11 | Vulnerability Link | CVE-2017-12611 | |
CVE-2012-0391 |
com.opensymphony:xwork | HIGH | 9.3 | 2012-01-08T15:55:00 | 2.0.4 | Vulnerability Link | CVE-2012-0391 | |
CVE-2013-1965 |
com.opensymphony:xwork | HIGH | 9.3 | 2013-07-10T19:55:00 | 2.0.4 | Vulnerability Link | CVE-2013-1965 | |
CVE-2013-1966 |
com.opensymphony:xwork | HIGH | 9.3 | 2013-07-10T19:55:00 | 2.0.4 | Vulnerability Link | CVE-2013-1966 | |
CVE-2013-2115 |
com.opensymphony:xwork | HIGH | 9.3 | 2013-07-10T19:55:00 | 2.0.4 | Vulnerability Link | CVE-2013-2115 | |
CVE-2012-0391 |
org.apache.struts:struts2-core | HIGH | 9.3 | 2012-01-08T15:55:00 | 2.0.11 | Vulnerability Link | CVE-2012-0391 | |
CVE-2012-0392 |
org.apache.struts:struts2-core | HIGH | 9.3 | 2012-01-08T15:55:00 | 2.0.11 | Vulnerability Link | CVE-2012-0392 | |
CVE-2013-1965 |
org.apache.struts:struts2-core | HIGH | 9.3 | 2013-07-10T19:55:00 | 2.0.11 | Vulnerability Link | CVE-2013-1965 | |
CVE-2013-2134 |
org.apache.struts:struts2-core | HIGH | 9.3 | 2013-07-16T18:55:00 | 2.0.11 | Vulnerability Link | CVE-2013-2134 | |
CVE-2013-2135 |
org.apache.struts:struts2-core | HIGH | 9.3 | 2013-07-16T18:55:00 | 2.0.11 | Vulnerability Link | CVE-2013-2135 | |
CVE-2013-2251 |
org.apache.struts:struts2-core | HIGH | 9.3 | 2013-07-20T03:37:00 | 2.0.11 | Vulnerability Link | CVE-2013-2251 | |
CVE-2016-0785 |
com.opensymphony:xwork | HIGH | 8.8 | 2016-04-12T16:59:00 | 2.0.4 | Vulnerability Link | CVE-2016-0785 | |
CVE-2016-4461 |
com.opensymphony:xwork | HIGH | 8.8 | 2017-10-16T16:29:00 | 2.0.4 | Vulnerability Link | CVE-2016-4461 | |
CVE-2016-3090 |
org.apache.struts:struts2-core | HIGH | 8.8 | 2017-10-30T14:29:00 | 2.0.11 | Vulnerability Link | CVE-2016-3090 | |
CVE-2018-11776 |
com.opensymphony:xwork | HIGH | 8.1 | 2018-08-22T13:29:00 | 2.0.4 | Vulnerability Link | CVE-2018-11776 | |
CVE-2016-3081 |
org.apache.struts:struts2-core | HIGH | 8.1 | 2016-04-26T14:59:00 | 2.0.11 | Vulnerability Link | CVE-2016-3081 | |
CVE-2018-11776 |
org.apache.struts:struts2-core | HIGH | 8.1 | 2018-08-22T13:29:00 | 2.0.11 | Vulnerability Link | CVE-2018-11776 | |
CVE-2006-1547 |
struts:struts | HIGH | 7.8 | 2006-03-30T22:02:00 | 1.1 | Vulnerability Link | CVE-2006-1547 | |
CVE-2014-0114 |
commons-beanutils:commons-beanutils | HIGH | 7.5 | 2014-04-30T10:49:00 | 1.7.0 | Vulnerability Link | CVE-2014-0114 | |
Cx78f40514-81ff |
commons-collections:commons-collections | HIGH | 7.5 | 2018-10-31T10:39:00 | 2.1 | Vulnerability Link | N\A | |
CVE-2013-2186 |
commons-fileupload:commons-fileupload | HIGH | 7.5 | 2013-10-28T21:55:00 | 1.2.1 | Vulnerability Link | CVE-2013-2186 | |
CVE-2014-0050 |
commons-fileupload:commons-fileupload | HIGH | 7.5 | 2014-04-01T06:27:00 | 1.2.1 | Vulnerability Link | CVE-2014-0050 | |
CVE-2016-3092 |
commons-fileupload:commons-fileupload | HIGH | 7.5 | 2016-07-04T22:59:00 | 1.2.1 | Vulnerability Link | CVE-2016-3092 | |
CVE-2014-0112 |
com.opensymphony:xwork | HIGH | 7.5 | 2014-04-29T10:37:00 | 2.0.4 | Vulnerability Link | CVE-2014-0112 | |
CVE-2015-5209 |
com.opensymphony:xwork | HIGH | 7.5 | 2017-08-29T15:29:00 | 2.0.4 | Vulnerability Link | CVE-2015-5209 | |
CVE-2017-9787 |
com.opensymphony:xwork | HIGH | 7.5 | 2017-07-13T15:29:00 | 2.0.4 | Vulnerability Link | CVE-2017-9787 | |
CVE-2017-9804 |
com.opensymphony:xwork | HIGH | 7.5 | 2017-09-20T17:29:00 | 2.0.4 | Vulnerability Link | CVE-2017-9804 | |
CVE-2018-1000632 |
dom4j:dom4j | HIGH | 7.5 | 2018-08-20T19:31:00 | 1.4 | Vulnerability Link | CVE-2018-1000632 | |
CVE-2014-0112 |
org.apache.struts:struts2-core | HIGH | 7.5 | 2014-04-29T10:37:00 | 2.0.11 | Vulnerability Link | CVE-2014-0112 | |
CVE-2014-0113 |
org.apache.struts:struts2-core | HIGH | 7.5 | 2014-04-29T10:37:00 | 2.0.11 | Vulnerability Link | CVE-2014-0113 | |
CVE-2006-1546 |
struts:struts | HIGH | 7.5 | 2006-03-30T22:02:00 | 1.1 | Vulnerability Link | CVE-2006-1546 | |
CVE-2014-0114 |
struts:struts | HIGH | 7.5 | 2014-04-30T10:49:00 | 1.1 | Vulnerability Link | CVE-2014-0114 | |
CVE-2015-0254 |
taglibs:standard | HIGH | 7.5 | 2015-03-09T14:59:00 | 1.1.2 | Vulnerability Link | CVE-2015-0254 | |
CVE-2016-5018 |
tomcat:jasper-runtime | HIGH | 7.5 | 2017-08-10T16:29:00 | 5.0.28 | Vulnerability Link | CVE-2016-5018 |
Scan submitted to Checkmarx