Update RichesDotnet.sln#1

Open
kmcdon83 wants to merge 1 commit into master from kmcdon83-patch-1

@kmcdon83

No description provided.

@kmcdon83
Author

Checkmarx One – Scan Summary & Details: 03b79f12-f816-4dcc-9653-b438bca6957e

New Issues

Severity Issue Source File / Package Checkmarx Insight
CRITICAL CVE-2010-1870 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2010-1870 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
CRITICAL CVE-2012-0391 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
CRITICAL CVE-2012-0391 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2012-0392 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2012-0838 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
CRITICAL CVE-2012-0838 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2013-1965 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2013-1965 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
CRITICAL CVE-2013-2134 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2013-2135 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2013-2251 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2013-4316 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2015-4852 Maven-commons-collections:commons-collections-3.1 Vulnerable Package
CRITICAL CVE-2015-7501 Maven-commons-collections:commons-collections-3.1 Vulnerable Package
CRITICAL CVE-2016-1000027 Maven-org.springframework:spring-web-2.0.5 Vulnerable Package
CRITICAL CVE-2016-1000031 Maven-commons-fileupload:commons-fileupload-1.1.1 Vulnerable Package
CRITICAL CVE-2016-1000031 Maven-commons-fileupload:commons-fileupload-1.2.1 Vulnerable Package
CRITICAL CVE-2016-2170 Maven-commons-collections:commons-collections-3.1 Vulnerable Package
CRITICAL CVE-2016-3082 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2016-4436 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2016-5018 Maven-tomcat:jasper-runtime-5.0.28 Vulnerable Package
CRITICAL CVE-2017-12611 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2017-5638 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2019-0230 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2019-17571 Maven-log4j:log4j-1.2.9 Vulnerable Package
CRITICAL CVE-2020-10683 Maven-dom4j:dom4j-1.4 Vulnerable Package
CRITICAL CVE-2020-17530 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL CVE-2022-22965 Maven-org.springframework:spring-beans-2.0.5 Vulnerable Package
CRITICAL CVE-2022-23305 Maven-log4j:log4j-1.2.9 Vulnerable Package
CRITICAL CVE-2022-41853 Maven-org.hsqldb:hsqldb-2.3.2 Vulnerable Package
CRITICAL CVE-2023-50164 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
CRITICAL Command_Injection /riches.java/riches/pages/common/hidden_AdminControl.jsp: 74 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 60 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 60 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 60 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 60 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 52 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 52 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 52 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 52 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendNewsletter.java: 47 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendNewsletter.java: 47 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendNewsletter.java: 39 Attack Vector
CRITICAL Command_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendNewsletter.java: 39 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 65 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 57 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Users/AdminControlPage.aspx.cs: 96 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 74 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 74 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Users/AccountDetails.aspx.cs: 25 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 74 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 48 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 40 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Anonymous/FindLocations.aspx.cs: 58 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Anonymous/FindLocations.aspx.cs: 58 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Anonymous/FindLocations.aspx.cs: 58 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 164 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 141 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 118 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Users/Transfer.aspx.cs: 30 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Users/Transfer.aspx.cs: 29 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Anonymous/FindLocations.aspx.cs: 49 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Anonymous/FindLocations.aspx.cs: 20 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 164 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 141 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 118 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Users/Transfer.aspx.cs: 30 Attack Vector
CRITICAL SQL_Injection /riches.net/RichesDotnet/Users/Transfer.aspx.cs: 29 Attack Vector
CRITICAL SQL_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/AccountDetails.java: 58 Attack Vector
CRITICAL SQL_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/AccountDetails.java: 58 Attack Vector
CRITICAL SQL_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/FindLocations.java: 50 Attack Vector
CRITICAL SQL_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/FindLocations.java: 28 Attack Vector
CRITICAL SQL_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/Messages.java: 20 Attack Vector
CRITICAL SQL_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/FindLocations.java: 32 Attack Vector
CRITICAL SQL_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/FindLocations.java: 32 Attack Vector
CRITICAL SQL_Injection /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/FindLocations.java: 32 Attack Vector
CRITICAL Second_Order_SQL_Injection /riches.net/RichesDotnet/App_Code/Components/AccountDB.cs: 66 Attack Vector
CRITICAL Second_Order_SQL_Injection /riches.net/RichesDotnet/App_Code/Components/AccountDB.cs: 66 Attack Vector
CRITICAL Second_Order_SQL_Injection /riches.net/RichesDotnet/App_Code/Components/AccountDB.cs: 66 Attack Vector
CRITICAL Stored_XSS /riches.net/RichesDotnet/App_Code/Components/ProfileDB.cs: 46 Attack Vector
CRITICAL Stored_XSS /riches.net/RichesDotnet/App_Code/Components/ProfileDB.cs: 46 Attack Vector
CRITICAL Stored_XSS /riches.net/RichesDotnet/Users/ViewMessage.aspx: 30 Attack Vector
CRITICAL Stored_XSS /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/model/TransactionService.java: 168 Attack Vector
CRITICAL Stored_XSS /riches.java/riches/pages/FilesViewer.jsp: 13 Attack Vector
CRITICAL Stored_XSS /riches.java/riches/pages/Backup.jsp: 11 Attack Vector
HIGH CVE-2006-1546 Maven-struts:struts-1.1 Vulnerable Package
HIGH CVE-2006-1547 Maven-struts:struts-1.1 Vulnerable Package
HIGH CVE-2011-2730 Maven-org.springframework:spring-web-2.0.5 Vulnerable Package
HIGH CVE-2012-1592 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2013-2186 Maven-commons-fileupload:commons-fileupload-1.1.1 Vulnerable Package
HIGH CVE-2013-2186 Maven-commons-fileupload:commons-fileupload-1.2.1 Vulnerable Package
HIGH CVE-2014-0050 Maven-commons-fileupload:commons-fileupload-1.2.1 Vulnerable Package
HIGH CVE-2014-0050 Maven-commons-fileupload:commons-fileupload-1.1.1 Vulnerable Package
HIGH CVE-2014-0112 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2014-0112 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2014-0113 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2014-0114 Maven-commons-beanutils:commons-beanutils-1.7.0 Vulnerable Package
HIGH CVE-2014-0114 Maven-struts:struts-1.1 Vulnerable Package
HIGH CVE-2014-0225 Maven-org.springframework:spring-web-2.0.5 Vulnerable Package
HIGH CVE-2015-0254 Maven-taglibs:standard-1.1.2 Vulnerable Package
HIGH CVE-2015-1831 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2015-5209 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2015-5209 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2015-6420 Maven-commons-collections:commons-collections-3.1 Vulnerable Package
HIGH CVE-2016-0785 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-0785 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2016-10707 Npm-jquery-1.4.1 Vulnerable Package
HIGH CVE-2016-3081 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-3090 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-3092 Maven-commons-fileupload:commons-fileupload-1.2.1 Vulnerable Package
HIGH CVE-2016-3092 Maven-commons-fileupload:commons-fileupload-1.1.1 Vulnerable Package
HIGH CVE-2016-4461 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2016-4461 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2016-5007 Maven-org.springframework:spring-core-1.2.8 Vulnerable Package
HIGH CVE-2016-5007 Maven-org.springframework:spring-core-2.0.5 Vulnerable Package
HIGH CVE-2017-9787 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2018-1000632 Maven-dom4j:dom4j-1.4 Vulnerable Package
HIGH CVE-2018-11040 Maven-org.springframework:spring-web-2.0.5 Vulnerable Package
HIGH CVE-2018-11776 Maven-org.apache.struts:struts2-core-2.0.11 Vulnerable Package
HIGH CVE-2018-11776 Maven-com.opensymphony:xwork-2.0.4 Vulnerable Package
HIGH CVE-2018-1272 Maven-org.springframework:spring-web-2.0.5 Vulnerable Package
HIGH CVE-2018-1272 Maven-org.springframework:spring-core-1.2.8 Vulnerable Package
HIGH CVE-2018-1272 Maven-org.springframework:spring-core-2.0.5 Vulnerable Package
HIGH CVE-2019-0233 Maven-org.apache.struts:struts2-core-2.0.11

More results are available on AST platform
