Story
Resolution: Unresolved
Medium
The following Veracode flaws need to be addressed in the SLI Northbound UEB Listener:
CRLF Injection can be addressed via a logging configuration replacement pattern that replaces CRLF with a space. These flaws are isolated to sli/northbound dmaap-listener and ueb-listener.
Cross-Site Scripting (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE ID 80) (1 flaw)):
ueb-listener-*.jar org/.../SdncOdlConnection.java 125
Directory Traversal (External Control of File Name or Path (CWE ID 73)(23 3rd party flaws / 15 flaws to address)):
ueb-listener-*.jar org/.../SdncArtifactMap.java 94
ueb-listener-*.jar org/.../SdncUebCallback.java 212
ueb-listener-*.jar org/.../SdncUebCallback.java 269
ueb-listener-*.jar org/.../SdncUebCallback.java 270
ueb-listener-*.jar org/.../SdncUebCallback.java 288
ueb-listener-*.jar org/.../SdncUebCallback.java 293
ueb-listener-*.jar org/.../SdncUebCallback.java 327
ueb-listener-*.jar org/.../SdncUebCallback.java 332
ueb-listener-*.jar org/.../SdncUebCallback.java 377
ueb-listener-*.jar org/.../SdncUebCallback.java 388
ueb-listener-*.jar org/.../SdncUebCallback.java 481
ueb-listener-*.jar org/.../SdncUebCallback.java 486
ueb-listener-*.jar org/.../SdncUebCallback.java 537
ueb-listener-*.jar org/.../SdncUebCallback.java 1200
ueb-listener-*.jar .../SdncUebConfiguration.java 113
Information Leakage (Improper Restriction of XML External Entity Reference (CWE ID 611)(3 flaws)):
ueb-listener-*.jar org/.../SdncUebCallback.java 585
ueb-listener-*.jar org/.../SdncUebCallback.java 1167
ueb-listener-*.jar org/.../SdncUebCallback.java 1205
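As an added illustration of the CRLF mitigation described above for the listeners (this is not configuration from the SDNC project; it assumes the listeners log through slf4j/logback, and the `requestId` MDC key is a hypothetical name), a logback encoder pattern that collapses CR/LF in the message and in an MDC value to a single space:

```xml
<!-- Added example, not the project's own logback.xml. Assumes logback as the logging backend. -->
<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <!-- %replace(p){r, t} rewrites every match of regex r in the output of
           sub-pattern p with t. Wrapping %msg means a CR or LF carried in
           untrusted input (e.g. a field of a received message) is rendered
           as a space instead of starting a forged log line (CRLF injection). -->
      <!-- MDC values are rendered separately from %msg, so each one that may
           hold untrusted data needs its own %replace; 'requestId' is a
           hypothetical key used here for illustration. -->
      <pattern>%d{ISO8601} %-5level [%thread] %logger{36} req=%replace(%X{requestId}){'[\r\n]+', ' '} - %replace(%msg){'[\r\n]+', ' '}%n</pattern>
    </encoder>
  </appender>
  <root level="INFO">
    <appender-ref ref="STDOUT"/>
  </root>
</configuration>
```

%replace only affects the sub-pattern it encloses, so exception text (%ex) or any other conversion word that can carry untrusted data needs the same wrapping to close the flaw completely.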