Update cx.config.tmp - Githubissues

Logo Checkmarx SCA - Scan Summary & Details

Cx-SCA Summary

Total Packages Identified: 51 Scan Risk Score: 10.00

High 54 High severity vulnerabilities Medium 30 Medium severity vulnerabilities Low 1 Low severity vulnerabilities View more details on Checkmarx UI

Cx-SCA vulnerability result overview

Vulnerability ID	Package	Severity	CVSS score	Publish date	Current version	Recommended version	Link in CxSCA
`CVE-2012-0838`	com.opensymphony:xwork	HIGH	10.0	2012-03-02T22:55:00	2.0.4	Vulnerability Link	CVE-2012-0838
`CVE-2013-4316`	org.apache.struts:struts2-core	HIGH	10.0	2013-09-30T21:55:00	2.0.11	Vulnerability Link	CVE-2013-4316
`CVE-2012-0838`	org.apache.struts:struts2-core	HIGH	10.0	2012-03-02T22:55:00	2.0.11	Vulnerability Link	CVE-2012-0838
`CVE-2017-5638`	org.apache.struts:struts2-core	HIGH	10.0	2017-03-11T02:59:00	2.0.11	Vulnerability Link	CVE-2017-5638
`CVE-2015-7501`	commons-collections:commons-collections	HIGH	9.8	2017-11-09T17:29:00	2.1	Vulnerability Link	CVE-2015-7501
`CVE-2016-1000031`	commons-fileupload:commons-fileupload	HIGH	9.8	2016-10-25T14:29:00	1.2.1	Vulnerability Link	CVE-2016-1000031
`CVE-2016-4438`	com.opensymphony:xwork	HIGH	9.8	2016-07-04T22:59:00	2.0.4	Vulnerability Link	CVE-2016-4438
`CVE-2020-17530`	com.opensymphony:xwork	HIGH	9.8	2020-12-11T02:15:00	2.0.4	Vulnerability Link	CVE-2020-17530
`CVE-2020-10683`	dom4j:dom4j	HIGH	9.8	2020-05-01T19:15:00	1.4	Vulnerability Link	CVE-2020-10683
`CVE-2016-4436`	org.apache.struts:struts2-core	HIGH	9.8	2016-10-03T15:59:00	2.0.11	Vulnerability Link	CVE-2016-4436
`CVE-2017-12611`	org.apache.struts:struts2-core	HIGH	9.8	2017-09-20T17:29:00	2.0.11	Vulnerability Link	CVE-2017-12611
`CVE-2016-3082`	org.apache.struts:struts2-core	HIGH	9.8	2016-04-26T14:59:00	2.0.11	Vulnerability Link	CVE-2016-3082
`CVE-2020-17530`	org.apache.struts:struts2-core	HIGH	9.8	2020-12-11T02:15:00	2.0.11	Vulnerability Link	CVE-2020-17530
`CVE-2019-0230`	org.apache.struts:struts2-core	HIGH	9.8	2020-08-13T08:26:00	2.0.11	Vulnerability Link	CVE-2019-0230
`CVE-2013-2115`	com.opensymphony:xwork	HIGH	9.3	2013-07-10T19:55:00	2.0.4	Vulnerability Link	CVE-2013-2115
`CVE-2013-1965`	com.opensymphony:xwork	HIGH	9.3	2013-07-10T19:55:00	2.0.4	Vulnerability Link	CVE-2013-1965
`CVE-2013-1966`	com.opensymphony:xwork	HIGH	9.3	2013-07-10T19:55:00	2.0.4	Vulnerability Link	CVE-2013-1966
`CVE-2012-0391`	com.opensymphony:xwork	HIGH	9.3	2012-01-08T15:55:00	2.0.4	Vulnerability Link	CVE-2012-0391
`CVE-2012-0392`	org.apache.struts:struts2-core	HIGH	9.3	2012-01-08T15:55:00	2.0.11	Vulnerability Link	CVE-2012-0392
`CVE-2013-1965`	org.apache.struts:struts2-core	HIGH	9.3	2013-07-10T19:55:00	2.0.11	Vulnerability Link	CVE-2013-1965
`CVE-2013-2251`	org.apache.struts:struts2-core	HIGH	9.3	2013-07-20T03:37:00	2.0.11	Vulnerability Link	CVE-2013-2251
`CVE-2012-0391`	org.apache.struts:struts2-core	HIGH	9.3	2012-01-08T15:55:00	2.0.11	Vulnerability Link	CVE-2012-0391
`CVE-2013-2135`	org.apache.struts:struts2-core	HIGH	9.3	2013-07-16T18:55:00	2.0.11	Vulnerability Link	CVE-2013-2135
`CVE-2013-2134`	org.apache.struts:struts2-core	HIGH	9.3	2013-07-16T18:55:00	2.0.11	Vulnerability Link	CVE-2013-2134
`CVE-2016-0785`	com.opensymphony:xwork	HIGH	8.8	2016-04-12T16:59:00	2.0.4	Vulnerability Link	CVE-2016-0785
`CVE-2016-4461`	com.opensymphony:xwork	HIGH	8.8	2017-10-16T16:29:00	2.0.4	Vulnerability Link	CVE-2016-4461
`CVE-2012-1592`	org.apache.struts:struts2-core	HIGH	8.8	2019-12-05T21:15:00	2.0.11	Vulnerability Link	CVE-2012-1592
`CVE-2016-4461`	org.apache.struts:struts2-core	HIGH	8.8	2017-10-16T16:29:00	2.0.11	Vulnerability Link	CVE-2016-4461
`CVE-2016-0785`	org.apache.struts:struts2-core	HIGH	8.8	2016-04-12T16:59:00	2.0.11	Vulnerability Link	CVE-2016-0785
`CVE-2016-3090`	org.apache.struts:struts2-core	HIGH	8.8	2017-10-30T14:29:00	2.0.11	Vulnerability Link	CVE-2016-3090
`CVE-2018-11776`	com.opensymphony:xwork	HIGH	8.1	2018-08-22T13:29:00	2.0.4	Vulnerability Link	CVE-2018-11776
`CVE-2018-11776`	org.apache.struts:struts2-core	HIGH	8.1	2018-08-22T13:29:00	2.0.11	Vulnerability Link	CVE-2018-11776
`CVE-2016-3081`	org.apache.struts:struts2-core	HIGH	8.1	2016-04-26T14:59:00	2.0.11	Vulnerability Link	CVE-2016-3081
`CVE-2006-1547`	struts:struts	HIGH	7.8	2006-03-30T22:02:00	1.1	Vulnerability Link	CVE-2006-1547
`CVE-2014-0114`	commons-beanutils:commons-beanutils	HIGH	7.5	2014-04-30T10:49:00	1.7.0	Vulnerability Link	CVE-2014-0114
`Cx78f40514-81ff`	commons-collections:commons-collections	HIGH	7.5	2018-10-31T10:39:00	2.1	Vulnerability Link	N\A
`CVE-2015-6420`	commons-collections:commons-collections	HIGH	7.5	2015-12-15T05:59:00	2.1	Vulnerability Link	CVE-2015-6420
`CVE-2013-2186`	commons-fileupload:commons-fileupload	HIGH	7.5	2013-10-28T21:55:00	1.2.1	Vulnerability Link	CVE-2013-2186
`CVE-2014-0050`	commons-fileupload:commons-fileupload	HIGH	7.5	2014-04-01T06:27:00	1.2.1	Vulnerability Link	CVE-2014-0050
`CVE-2016-3092`	commons-fileupload:commons-fileupload	HIGH	7.5	2016-07-04T22:59:00	1.2.1	Vulnerability Link	CVE-2016-3092
`CVE-2014-0112`	com.opensymphony:xwork	HIGH	7.5	2014-04-29T10:37:00	2.0.4	Vulnerability Link	CVE-2014-0112
`CVE-2015-5209`	com.opensymphony:xwork	HIGH	7.5	2017-08-29T15:29:00	2.0.4	Vulnerability Link	CVE-2015-5209
`CVE-2017-9787`	com.opensymphony:xwork	HIGH	7.5	2017-07-13T15:29:00	2.0.4	Vulnerability Link	CVE-2017-9787
`CVE-2017-9804`	com.opensymphony:xwork	HIGH	7.5	2017-09-20T17:29:00	2.0.4	Vulnerability Link	CVE-2017-9804
`CVE-2018-1000632`	dom4j:dom4j	HIGH	7.5	2018-08-20T19:31:00	1.4	Vulnerability Link	CVE-2018-1000632
`CVE-2014-0113`	org.apache.struts:struts2-core	HIGH	7.5	2014-04-29T10:37:00	2.0.11	Vulnerability Link	CVE-2014-0113
`CVE-2019-0233`	org.apache.struts:struts2-core	HIGH	7.5	2020-08-13T11:18:00	2.0.11	Vulnerability Link	CVE-2019-0233
`CVE-2015-1831`	org.apache.struts:struts2-core	HIGH	7.5	2015-07-16T14:59:00	2.0.11	Vulnerability Link	CVE-2015-1831
`CVE-2014-0112`	org.apache.struts:struts2-core	HIGH	7.5	2014-04-29T10:37:00	2.0.11	Vulnerability Link	CVE-2014-0112
`CVE-2015-5209`	org.apache.struts:struts2-core	HIGH	7.5	2017-08-29T15:29:00	2.0.11	Vulnerability Link	CVE-2015-5209
`CVE-2006-1546`	struts:struts	HIGH	7.5	2006-03-30T22:02:00	1.1	Vulnerability Link	CVE-2006-1546
`CVE-2014-0114`	struts:struts	HIGH	7.5	2014-04-30T10:49:00	1.1	Vulnerability Link	CVE-2014-0114
`CVE-2015-0254`	taglibs:standard	HIGH	7.5	2015-03-09T14:59:00	1.1.2	Vulnerability Link	CVE-2015-0254
`CVE-2016-5018`	tomcat:jasper-runtime	HIGH	7.5	2017-08-10T16:29:00	5.0.28	Vulnerability Link	CVE-2016-5018
`CVE-2012-4386`	org.apache.struts:struts2-core	MEDIUM	6.8	2012-09-05T23:55:00	2.0.11	Vulnerability Link	CVE-2012-4386
`CVE-2014-7809`	org.apache.struts:struts2-core	MEDIUM	6.8	2014-12-10T15:59:00	2.0.11	Vulnerability Link	CVE-2014-7809
`CVE-2012-0394`	org.apache.struts:struts2-core	MEDIUM	6.8	2012-01-08T15:55:00	2.0.11	Vulnerability Link	CVE-2012-0394
`CVE-2012-0393`	org.apache.struts:struts2-core	MEDIUM	6.4	2012-01-08T15:55:00	2.0.11	Vulnerability Link	CVE-2012-0393
`CVE-2016-2162`	com.opensymphony:xwork	MEDIUM	6.1	2016-04-12T16:59:00	2.0.4	Vulnerability Link	CVE-2016-2162
`CVE-2016-2162`	org.apache.struts:struts2-core	MEDIUM	6.1	2016-04-12T16:59:00	2.0.11	Vulnerability Link	CVE-2016-2162
`CVE-2015-2992`	org.apache.struts:struts2-core	MEDIUM	6.1	2020-02-27T18:15:00	2.0.11	Vulnerability Link	CVE-2015-2992
`CVE-2016-4003`	org.apache.struts:struts2-core	MEDIUM	6.1	2016-04-12T16:59:00	2.0.11	Vulnerability Link	CVE-2016-4003
`CVE-2015-5169`	org.apache.struts:struts2-core	MEDIUM	6.1	2017-09-25T21:29:00	2.0.11	Vulnerability Link	CVE-2015-5169
`CVE-2016-8738`	com.opensymphony:xwork	MEDIUM	5.9	2017-09-20T17:29:00	2.0.4	Vulnerability Link	CVE-2016-8738
`CVE-2013-4310`	org.apache.struts:struts2-core	MEDIUM	5.8	2013-09-30T21:55:00	2.0.11	Vulnerability Link	CVE-2013-4310
`CVE-2014-0116`	org.apache.struts:struts2-core	MEDIUM	5.8	2014-05-08T10:55:00	2.0.11	Vulnerability Link	CVE-2014-0116
`CVE-2013-2248`	org.apache.struts:struts2-core	MEDIUM	5.8	2013-07-20T03:37:00	2.0.11	Vulnerability Link	CVE-2013-2248
`CVE-2016-3093`	com.opensymphony:xwork	MEDIUM	5.3	2016-06-07T18:59:00	2.0.4	Vulnerability Link	CVE-2016-3093
`CVE-2016-3093`	opensymphony:ognl	MEDIUM	5.3	2016-06-07T18:59:00	2.6.11	Vulnerability Link	CVE-2016-3093
`CVE-2011-2088`	com.opensymphony:xwork	MEDIUM	5.0	2011-05-13T17:05:00	2.0.4	Vulnerability Link	CVE-2011-2088
`CVE-2010-1870`	com.opensymphony:xwork	MEDIUM	5.0	2010-08-17T20:00:00	2.0.4	Vulnerability Link	CVE-2010-1870
`CVE-2008-6504`	com.opensymphony:xwork	MEDIUM	5.0	2009-03-23T14:19:00	2.0.4	Vulnerability Link	CVE-2008-6504
`CVE-2012-4387`	com.opensymphony:xwork	MEDIUM	5.0	2012-09-05T23:55:00	2.0.4	Vulnerability Link	CVE-2012-4387
`CVE-2011-5057`	org.apache.struts:struts2-core	MEDIUM	5.0	2012-01-08T17:55:00	2.0.11	Vulnerability Link	CVE-2011-5057
`CVE-2014-0094`	org.apache.struts:struts2-core	MEDIUM	5.0	2014-03-11T13:00:00	2.0.11	Vulnerability Link	CVE-2014-0094
`CVE-2008-6505`	org.apache.struts:struts2-core	MEDIUM	5.0	2009-03-23T14:19:00	2.0.11	Vulnerability Link	CVE-2008-6505
`CVE-2012-1006`	org.apache.struts:struts2-core	MEDIUM	4.3	2012-02-07T04:09:00	2.0.11	Vulnerability Link	CVE-2012-1006
`CVE-2008-6682`	org.apache.struts:struts2-core	MEDIUM	4.3	2009-04-09T15:08:00	2.0.11	Vulnerability Link	CVE-2008-6682
`CVE-2006-1548`	struts:struts	MEDIUM	4.3	2006-03-30T22:02:00	1.1	Vulnerability Link	CVE-2006-1548
`CVE-2005-3745`	struts:struts	MEDIUM	4.3	2005-11-22T11:03:00	1.1	Vulnerability Link	CVE-2005-3745
`CVE-2009-0781`	tomcat:jasper-compiler	MEDIUM	4.3	2009-03-09T21:30:00	5.0.28	Vulnerability Link	CVE-2009-0781
`CVE-2009-0781`	tomcat:jasper-runtime	MEDIUM	4.3	2009-03-09T21:30:00	5.0.28	Vulnerability Link	CVE-2009-0781
`CVE-2009-0781`	tomcat:servlet-api	MEDIUM	4.3	2009-03-09T21:30:00	5.0.18	Vulnerability Link	CVE-2009-0781
`CVE-2013-0248`	commons-fileupload:commons-fileupload	MEDIUM	3.3	2013-03-15T20:55:00	1.2.1	Vulnerability Link	CVE-2013-0248
`CVE-2011-1772`	com.opensymphony:xwork	LOW	2.6	2011-05-13T17:05:00	2.0.4	Vulnerability Link	CVE-2011-1772

Custodela / Riches

Update cx.config.tmp #369

Cx-SCA Summary

Cx-SCA vulnerability result overview