RaviR662 Member since 2016 1 post
Posted: 4 years ago
Last activity: 4 years 6 months ago

Veracode static scan – Application vulnerability test clarification

Hi Team,

As part of the vulnerability test our client engaged “Veracode” to do static code analysis.

The tool has identified quite a few flaws in out of the box Chordiant API’s. We have mitigated that these flaws are from Chordiant framework jars which we will not able to do any modifications. Due to these flaws our client doesn’t signoff for go live.

I have attached the Veracode report for your review. We have checked the class names in the report and identified the following OOTB jars which are having flaws.

café.jar, café-tags.jar, csa-servlets.jar, ctiChordiant.jar, ctigenesysinteraction.jar, ctigenesysplatform.jar, ctimanager.jar, ctivruservices.jar, ctkimanager.jar, dialogserver.jar, ic.jar, jxbinterface.jar, jxbservice.jar, jxcore.jar, jxe.jar, jxp.jar, jxpBasePersistanceImpl.jar, jxrules.jar, jxw.jar, jxwTemplateCompiler.jar, lookuptable.jar, myfaces-impl-1.1.5.jar, odconnector.jar, qrst.jar, stp.jar, userprofilecore.jar

Could you please review and let me know your thoughts.

Chordiant Version - 6.7

Thanks & Regards,

Ravi Kumar Reddy S.

Message was edited by: Vidyaranjan Av| Removed attachment

Moderation Team has archived post
Share this page LinkedIn