Closed CxTyler closed 3 years ago
Severity | Count |
---|---|
High | 277 |
Medium | 179 |
Low | 467 |
Informational | 8 |
Severity | Count |
---|---|
High | 66 |
Lines | Severity | Category | File | Link |
---|---|---|---|---|
8 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/UserDetails.jsp | Checkmarx |
16 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/xss/search.jsp | Checkmarx |
14 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/Injection/xslt.jsp | Checkmarx |
2 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/xss/xss4.jsp | Checkmarx |
39 | High | Reflected_XSS_All_Clients | src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java | Checkmarx |
58 | High | Reflected_XSS_All_Clients | src/main/webapp/admin/adminlogin.jsp | Checkmarx |
9 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/Injection/xpath_login.jsp | Checkmarx |
44 | High | Reflected_XSS_All_Clients | src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java | Checkmarx |
7 26 | High | Reflected_XSS_All_Clients | src/main/webapp/login.jsp | Checkmarx |
11 18 | High | Reflected_XSS_All_Clients | src/main/webapp/vulnerability/SendMessage.jsp | Checkmarx |
13 | High | SQL_Injection | src/main/webapp/admin/manageusers.jsp | Checkmarx |
41 42 43 | High | SQL_Injection | src/main/webapp/vulnerability/forum.jsp | Checkmarx |
44 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java | Checkmarx |
58 60 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/Install.java | Checkmarx |
37 38 39 | High | SQL_Injection | src/main/webapp/changeCardDetails.jsp | Checkmarx |
27 28 | High | SQL_Injection | src/main/webapp/vulnerability/idor/change-email.jsp | Checkmarx |
33 | High | SQL_Injection | src/main/webapp/vulnerability/csrf/changepassword.jsp | Checkmarx |
43 44 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java | Checkmarx |
50 | High | SQL_Injection | src/main/webapp/vulnerability/Injection/orm.jsp | Checkmarx |
16 | High | SQL_Injection | src/main/webapp/vulnerability/DisplayMessage.jsp | Checkmarx |
43 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java | Checkmarx |
8 | High | SQL_Injection | src/main/webapp/vulnerability/UserDetails.jsp | Checkmarx |
18 | High | SQL_Injection | src/main/webapp/vulnerability/sqli/download_id.jsp | Checkmarx |
43 44 45 46 47 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/Register.java | Checkmarx |
9 | High | SQL_Injection | src/main/webapp/vulnerability/forumposts.jsp | Checkmarx |
26 | High | SQL_Injection | src/main/webapp/vulnerability/csrf/change-info.jsp | Checkmarx |
11 | High | SQL_Injection | src/main/webapp/admin/adminlogin.jsp | Checkmarx |
18 | High | SQL_Injection | src/main/webapp/vulnerability/sqli/download_id_union.jsp | Checkmarx |
42 | High | SQL_Injection | src/main/webapp/ForgotPassword.jsp | Checkmarx |
16 | High | SQL_Injection | src/main/webapp/myprofile.jsp | Checkmarx |
35 36 | High | SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java | Checkmarx |
19 | High | Second_Order_SQL_Injection | src/main/webapp/admin/adminlogin.jsp | Checkmarx |
52 | High | Second_Order_SQL_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java | Checkmarx |
42 | High | Stored_XSS | src/main/webapp/ForgotPassword.jsp | Checkmarx |
14 | High | Stored_XSS | src/main/webapp/vulnerability/Messages.jsp | Checkmarx |
52 | High | Stored_XSS | src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java | Checkmarx |
19 | High | Stored_XSS | src/main/webapp/vulnerability/securitymisconfig/pages.jsp | Checkmarx |
21 29 | High | Stored_XSS | src/main/webapp/myprofile.jsp | Checkmarx |
19 | High | Stored_XSS | src/main/webapp/admin/adminlogin.jsp | Checkmarx |
24 | High | Stored_XSS | src/main/webapp/vulnerability/idor/download.jsp | Checkmarx |
12 | High | Stored_XSS | src/main/webapp/vulnerability/Injection/orm.jsp | Checkmarx |
13 | High | Stored_XSS | src/main/webapp/vulnerability/UserDetails.jsp | Checkmarx |
16 | High | Stored_XSS | src/main/webapp/vulnerability/DisplayMessage.jsp | Checkmarx |
60 | High | Stored_XSS | src/main/webapp/vulnerability/forum.jsp | Checkmarx |
19 | High | Stored_XSS | src/main/webapp/admin/manageusers.jsp | Checkmarx |
14 | High | Stored_XSS | src/main/webapp/vulnerability/forumposts.jsp | Checkmarx |
12 | High | Stored_XSS | src/main/webapp/vulnerability/forumUsersList.jsp | Checkmarx |
43 | High | Stored_XSS | src/main/webapp/vulnerability/sqli/download_id_union.jsp | Checkmarx |
43 | High | Stored_XSS | src/main/webapp/vulnerability/sqli/download_id.jsp | Checkmarx |
35 36 | High | XPath_Injection | src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java | Checkmarx |
Total Packages Identified | 23 |
---|---|
High severity vulnerabilities | 23 |
Medium severity vulnerabilities | 11 |
Low severity vulnerabilities | 1 |
Scan risk score | 9.80 |
Vulnerability ID | Package | Severity | CVSS score | Publish date | Current version | Recommended version | Link in CxSCA | Reference – NVD link |
---|---|---|---|---|---|---|---|---|
CVE-2015-7501 |
commons-collections:commons-collections | HIGH | 9.8 | 2017-11-09T17:29:00 | 3.2.1 | Vulnerability Link | CVE-2015-7501 | |
CVE-2020-10683 |
dom4j:dom4j | HIGH | 9.8 | 2020-05-01T19:15:00 | 1.6.1 | Vulnerability Link | CVE-2020-10683 | |
CVE-2019-3888 |
io.undertow:undertow-core | HIGH | 9.8 | 2019-06-12T14:29:00 | 2.0.9.Final | Vulnerability Link | CVE-2019-3888 | |
CVE-2019-10212 |
io.undertow:undertow-core | HIGH | 9.8 | 2019-10-02T19:15:00 | 2.0.9.Final | Vulnerability Link | CVE-2019-10212 | |
CVE-2020-1938 |
org.apache.tomcat:tomcat-coyote | HIGH | 9.8 | 2020-02-24T22:15:00 | 9.0.22 | Vulnerability Link | CVE-2020-1938 | |
CVE-2015-2575 |
mysql:mysql-connector-java | HIGH | 9.1 | 2014-12-06T00:00:00 | 5.1.26 | Vulnerability Link | CVE-2015-2575 | |
CVE-2018-3258 |
mysql:mysql-connector-java | HIGH | 8.8 | 2018-10-17T01:31:00 | 5.1.26 | Vulnerability Link | CVE-2018-3258 | |
CVE-2017-3523 |
mysql:mysql-connector-java | HIGH | 8.5 | 2017-04-24T19:59:00 | 5.1.26 | Vulnerability Link | CVE-2017-3523 | |
CVE-2020-1757 |
io.undertow:undertow-core | HIGH | 8.1 | 2020-04-21T17:15:00 | 2.0.9.Final | Vulnerability Link | CVE-2020-1757 | |
Cx78f40514-81ff |
commons-collections:commons-collections | HIGH | 7.5 | 2018-10-31T10:39:00 | 3.2.1 | Vulnerability Link | N\A | |
CVE-2015-6420 |
commons-collections:commons-collections | HIGH | 7.5 | 2015-12-15T05:59:00 | 3.2.1 | Vulnerability Link | CVE-2015-6420 | |
CVE-2018-1000632 |
dom4j:dom4j | HIGH | 7.5 | 2018-08-20T19:31:00 | 1.6.1 | Vulnerability Link | CVE-2018-1000632 | |
CVE-2020-10705 |
io.undertow:undertow-core | HIGH | 7.5 | 2020-06-10T20:15:00 | 2.0.9.Final | Vulnerability Link | CVE-2020-10705 | |
CVE-2020-1745 |
io.undertow:undertow-core | HIGH | 7.5 | 2020-04-28T15:15:00 | 2.0.9.Final | Vulnerability Link | CVE-2020-1745 | |
Cx7ef609d2-efb5 |
mysql:mysql-connector-java | HIGH | 7.5 | 2010-08-01T23:00:00 | 5.1.26 | Vulnerability Link | N\A | |
Cx6f651376-312a |
mysql:mysql-connector-java | HIGH | 7.5 | 2017-08-14T23:00:00 | 5.1.26 | Vulnerability Link | N\A | |
Cx039cb67c-ead3 |
mysql:mysql-connector-java | HIGH | 7.5 | 2015-08-16T23:00:00 | 5.1.26 | Vulnerability Link | N\A | |
CVE-2020-13934 |
org.apache.tomcat:tomcat-coyote | HIGH | 7.5 | 2020-07-14T15:15:00 | 9.0.22 | Vulnerability Link | CVE-2020-13934 | |
CVE-2020-11996 |
org.apache.tomcat:tomcat-coyote | HIGH | 7.5 | 2020-06-26T17:15:00 | 9.0.22 | Vulnerability Link | CVE-2020-11996 | |
Cx2906ba70-607a |
org.json:json | HIGH | 7.5 | 2017-08-18T09:31:00 | 20131018 | Vulnerability Link | N\A | |
Cx08fcacc9-cb99 |
org.json:json | HIGH | 7.5 | 2017-10-30T11:27:00 | 20131018 | Vulnerability Link | N\A | |
Cxdb5a1032-eda2 |
org.json:json | HIGH | 7.5 | 2019-09-17T10:37:00 | 20131018 | Vulnerability Link | N\A | |
CVE-2020-25638 |
org.hibernate:hibernate-core | HIGH | 7.4 | 2020-09-22T16:32:00 | 4.0.1.Final | Vulnerability Link | CVE-2020-25638 | |
CVE-2020-10719 |
io.undertow:undertow-core | MEDIUM | 6.5 | 2020-05-26T16:15:00 | 2.0.9.Final | Vulnerability Link | CVE-2020-10719 | |
CVE-2020-10687 |
io.undertow:undertow-core | MEDIUM | 6.5 | 2020-09-23T13:15:00 | 2.0.9.Final | Vulnerability Link | CVE-2020-10687 | |
CVE-2019-14900 |
org.hibernate:hibernate-core | MEDIUM | 6.5 | 2019-01-15T00:00:00 | 4.0.1.Final | Vulnerability Link | CVE-2019-14900 | |
CVE-2017-3586 |
mysql:mysql-connector-java | MEDIUM | 6.4 | 2017-04-24T19:59:00 | 5.1.26 | Vulnerability Link | CVE-2017-3586 | |
CVE-2019-2692 |
mysql:mysql-connector-java | MEDIUM | 6.3 | 2019-04-23T19:32:00 | 5.1.26 | Vulnerability Link | CVE-2019-2692 | |
CVE-2020-2934 |
mysql:mysql-connector-java | MEDIUM | 5.0 | 2020-04-15T14:15:00 | 5.1.26 | Vulnerability Link | CVE-2020-2934 | |
CVE-2020-1935 |
org.apache.tomcat:tomcat-coyote | MEDIUM | 4.8 | 2020-02-24T22:15:00 | 9.0.22 | Vulnerability Link | CVE-2020-1935 | |
CVE-2019-17569 |
org.apache.tomcat:tomcat-coyote | MEDIUM | 4.8 | 2020-02-24T22:15:00 | 9.0.22 | Vulnerability Link | CVE-2019-17569 | |
CVE-2020-2875 |
mysql:mysql-connector-java | MEDIUM | 4.7 | 2020-04-15T14:15:00 | 5.1.26 | Vulnerability Link | CVE-2020-2875 | |
CVE-2020-13943 |
org.apache.tomcat:tomcat-coyote | MEDIUM | 4.3 | 2020-10-12T14:15:00 | 9.0.22 | Vulnerability Link | CVE-2020-13943 | |
CVE-2017-3589 |
mysql:mysql-connector-java | MEDIUM | 3.3 | 2017-04-24T19:59:00 | 5.1.26 | Vulnerability Link | CVE-2017-3589 | |
CVE-2020-2933 |
mysql:mysql-connector-java | LOW | 2.2 | 2020-04-15T14:15:00 | 5.1.26 | Vulnerability Link | CVE-2020-2933 |
Scan submitted to Checkmarx