    VeraCode Security Scan - 3 Flaws - Isomorphic Cor RPC Jar

    Hi,

    We are using SmartClient 12.0 Power Edition and have run our application EAR through a Veracode Security Scan. The scan report identifies 3 flaws in the jar isomorphic_core_rpc-v12.0.jar (please refer to the attachment).

    Could you please have a look and throw some light on this?

    #2
    These are not real vulnerabilities. Please do run a scanning tool and send the output directly to us, as it is generally nonsense. You need to engage someone with at least a passing familiarity with security first.

    Here, your scanner has identified an intended and documented capability of the tool - allowing superusers to execute Groovy or other code on the server, for runtime inspection of server state - as a vulnerability. It is not a vulnerability. Read the reference documentation on Tools Deployment.

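The reply above rests on one point: server-side code execution by superusers is a deliberate, documented developer-tools capability, and the Tools Deployment section of the reference is what decides whether it is exposed in a given deployment at all. The example below is an added illustration of the gating a practitioner would want around such a capability; it is not SmartClient's or Isomorphic's own code and it does not reflect how the product enforces superuser status internally. Everything about the deployment is assumed: the tools are assumed to live under the context-relative path prefix `/tools/`, the container (or your SSO integration) is assumed to populate `HttpServletRequest.isUserInRole()`, and `smartclient-superuser` is a hypothetical role name. It uses only the standard `javax.servlet` API.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Added example (not SmartClient's own code): a servlet filter that refuses
 * every request to the server-side developer tools unless the caller is an
 * authenticated container user holding a role we treat as "superuser".
 *
 * Assumptions (hypothetical; adjust to your deployment):
 *   - the tools are served under the context-relative prefix "/tools/"
 *   - the container or SSO layer populates isUserInRole()/getRemoteUser()
 *   - the role allowed to run server-side code is "smartclient-superuser"
 *
 * Map it to every request in web.xml, e.g.
 *   <filter><filter-name>toolsAccess</filter-name>
 *           <filter-class>ToolsAccessFilter</filter-class></filter>
 *   <filter-mapping><filter-name>toolsAccess</filter-name>
 *                   <url-pattern>/*</url-pattern></filter-mapping>
 */
public class ToolsAccessFilter implements Filter {

    static final String TOOLS_PREFIX = "/tools/";                                  // assumption
    static final Set<String> SUPERUSER_ROLES = Set.of("smartclient-superuser");    // assumption

    @Override
    public void init(FilterConfig cfg) { }

    @Override
    public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpServletResponse out = (HttpServletResponse) res;

        if (isToolsRequest(http) && !isSuperuser(http)) {
            // Record who probed the tools path; a SOC wants this signal even
            // when the request is denied.
            String who = http.getRemoteUser() == null ? "anonymous" : http.getRemoteUser();
            http.getServletContext().log("Denied tools access: user=" + who
                    + " ip=" + http.getRemoteAddr() + " uri=" + http.getRequestURI());
            out.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    /*
     * Decide on the container-decoded, context-relative path rather than the
     * raw request URI, so percent-encoded variants of "/tools/" are caught too.
     * With a "/*" mapping the path is servletPath plus (optional) pathInfo.
     */
    static boolean isToolsRequest(HttpServletRequest http) {
        String path = http.getServletPath();
        if (http.getPathInfo() != null) {
            path = path + http.getPathInfo();
        }
        return path.startsWith(TOOLS_PREFIX)
                || path.equals(TOOLS_PREFIX.substring(0, TOOLS_PREFIX.length() - 1));
    }

    /* Anonymous callers never qualify; otherwise require one of the allowed roles. */
    static boolean isSuperuser(HttpServletRequest http) {
        if (http.getRemoteUser() == null) {
            return false;
        }
        for (String role : SUPERUSER_ROLES) {
            if (http.isUserInRole(role)) {
                return true;
            }
        }
        return false;
    }
}
```

Two caveats on using something like this. First, a filter is defence in depth, not a substitute for the deployment decision: if a production EAR does not need server-side tooling, the cleaner answer is not to ship it, which is what the Tools Deployment documentation referenced above governs. Second, a scanner that reports "code execution" on a class is describing what the class can do, not whether an unprivileged remote caller can reach it; a finding only becomes a vulnerability once you show the path from an unauthenticated or low-privilege request to that capability, which is exactly the exploit the reply asks for.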


      #3
      Please refer to the attachment; we need some clarification on the issues we raised.



        #4
        If you have someone with security expertise, please submit a real vulnerability report, with exploit code (hint: you will not be able to do this).

        If you instead want training in how to correctly interpret security scanner results, you can purchase our commercial services.
