Question (3 replies, 771 views)
Ravi Reddy (RaviR662)
Cognizant
Posted: March 9, 2016
Last activity: March 10, 2016
Closed

Veracode static scan – Application vulnerability test clarification

Hi Team,

As part of the vulnerability test our client engaged “Veracode” to do static code analysis.

The tool has identified quite a few flaws in out-of-the-box Chordiant APIs. We have mitigated that these flaws are from Chordiant framework jars, to which we will not be able to make any modifications. Due to these flaws, our client doesn’t sign off for go-live.

I have attached the Veracode report for your review. We have checked the class names in the report and identified the following OOTB jars which have flaws.

café.jar, café-tags.jar, csa-servlets.jar, ctiChordiant.jar, ctigenesysinteraction.jar, ctigenesysplatform.jar, ctimanager.jar, ctivruservices.jar, ctkimanager.jar, dialogserver.jar, ic.jar, jxbinterface.jar, jxbservice.jar, jxcore.jar, jxe.jar, jxp.jar, jxpBasePersistanceImpl.jar, jxrules.jar, jxw.jar, jxwTemplateCompiler.jar, lookuptable.jar, myfaces-impl-1.1.5.jar, odconnector.jar, qrst.jar, stp.jar, userprofilecore.jar

Could you please review and let me know your thoughts?


Chordiant Version - 6.7


Thanks & Regards,

Ravi Kumar Reddy S.

Message was edited by: Vidyaranjan Av| Removed attachment

Security
Moderation Team has archived post. This thread is closed to future replies.