Custodela / Riches


Update application.xml #378

Open kmcdon83 opened 7 months ago

kmcdon83 commented 7 months ago

Checkmarx One – Scan Summary & Details 00900f81-1c22-4e8f-a82a-138f06c989d9

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2010-1870 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2010-1870 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2012-0391 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2012-0391 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2012-0392 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2012-0838 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2012-0838 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2012-1592 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-1965 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2013-1965 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-2134 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-2135 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-2186 Maven-commons-fileupload:commons-fileupload-1.2.1 Vulnerable Package
HIGH CVE-2013-2251 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-4316 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2014-0050 Maven-commons-fileupload:commons-fileupload-1.2.1 Vulnerable Package
HIGH CVE-2014-0112 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2014-0112 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2014-0113 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2014-0114 Maven-commons-beanutils:commons-beanutils-1.7.0 Vulnerable Package
HIGH CVE-2015-1831 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2015-5209 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2015-5209 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2016-0785 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2016-0785 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-1000031 Maven-commons-fileupload:commons-fileupload-1.2.1 Vulnerable Package
HIGH CVE-2016-3081 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-3082 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-3090 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-3092 Maven-commons-fileupload:commons-fileupload-1.2.1 Vulnerable Package
HIGH CVE-2016-4436 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-4461 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2016-4461 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2017-12611 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2017-5638 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2017-9787 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2018-1000632 Maven-dom4j:dom4j-1.4 Vulnerable Package
HIGH CVE-2018-11776 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2018-11776 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2019-0230 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2019-0233 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2020-10683 Maven-dom4j:dom4j-1.4 Vulnerable Package
HIGH CVE-2020-17530 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2022-40149 Maven-org.codehaus.jettison:jettison-1.1 Vulnerable Package
HIGH CVE-2022-40150 Maven-org.codehaus.jettison:jettison-1.1 Vulnerable Package
HIGH CVE-2022-45685 Maven-org.codehaus.jettison:jettison-1.1 Vulnerable Package
HIGH CVE-2022-45693 Maven-org.codehaus.jettison:jettison-1.1 Vulnerable Package
HIGH CVE-2023-1436 Maven-org.codehaus.jettison:jettison-1.1 Vulnerable Package
HIGH CVE-2023-24998 Maven-commons-fileupload:commons-fileupload-1.2.1 Vulnerable Package
HIGH CVE-2023-41835 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2023-49735 Maven-org.apache.tiles:tiles-core-2.0.5 Vulnerable Package
HIGH CVE-2023-50164 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH Command_Injection /riches/pages/common/hidden_AdminControl.jsp: 74 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 60 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 60 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 60 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 60 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 52 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 52 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 52 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendMessage.java: 52 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendNewsletter.java: 47 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendNewsletter.java: 47 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendNewsletter.java: 39 Attack Vector
HIGH Command_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/oper/SendNewsletter.java: 39 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 124 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 102 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 102 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java: 84 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java: 63 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java: 101 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 62 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/login/error.jsp: 11 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/pages/content/Security.jsp: 6 Attack Vector
HIGH Reflected_XSS_All_Clients /riches/login/Register.jsp: 75 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/AccountDetails.java: 58 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/AccountDetails.java: 58 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 50 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 28 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/Messages.java: 20 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 32 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 32 Attack Vector
HIGH SQL_Injection /riches/WEB-INF/src/java/com/checkmarx/samples/riches/FindLocations.java: 32 Attack Vector
HIGH Stored_XSS /riches/WEB-INF/src/java/com/checkmarx/samples/riches/model/TransactionService.java: 168 Attack Vector
HIGH Stored_XSS /riches/pages/FilesViewer.jsp: 13 Attack Vector
HIGH Stored_XSS /riches/pages/Backup.jsp: 11 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformTransfer.java: 30 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformChangePass.java: 39 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformCheck.java: 49 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformChangePass.java: 31 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformChangePass.java: 45 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformTransfer.java: 30 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformChangePass.java: 47 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformTransfer.java: 30 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformTransfer.java: 30 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/PerformCheck.java: 49 Attack Vector
MEDIUM CSRF /riches/WEB-INF/src/java/com/checkmarx/samples/riches/DeleteMessage.java: 14 Attack Vector
MEDIUM CVE-2008-6504 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
MEDIUM CVE-2008-6505 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2008-6682 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2011-5057 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2012-0393 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2012-0394 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2012-1006 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
MEDIUM CVE-2012-1006 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2012-4386 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2012-4387 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
MEDIUM CVE-2013-2248 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2013-4310 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2014-0094 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2014-0116 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2014-7809 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2015-2992 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2015-5169 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2016-2162 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
MEDIUM CVE-2016-2162 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2016-3093 Maven-opensymphony:ognl-2.6.11 Vulnerable Package
MEDIUM CVE-2016-3093 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
MEDIUM CVE-2016-4003 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2023-34149 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM CVE-2023-34396 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
MEDIUM HttpOnlyCookies /riches/login/logout.jsp: 5 Attack Vector
MEDIUM Improper_Restriction_of_XXE_Ref /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 124 Attack Vector
MEDIUM Improper_Restriction_of_XXE_Ref /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/AccountResources.java: 102 Attack Vector
MEDIUM Improper_Restriction_of_XXE_Ref /riches/WEB-INF/src/java/com/checkmarx/samples/riches/restful/TransactionResources.java: 84

More results are available on AST platform