Page History

...

Repository	Group	Artifact	Version	Problem Code	Impact Analysis	Action
vfc/nfvo/resmanagement	commons-beanutils	commons-beanutils	1.8.0	CVE-2014-0114	False positive net.sf.json-lib:json-lib:2.4 depend on this This vulnerability issue is an indirect dependency introduced by vfc/nfvo/resmanagement	False positive.No Action. All of the existing jackson jackson-mapper-asl have vulnerabilities issues.
vfc/nfvo/resmanagement	org.codehaus.jackson	jackson-mapper-asl	1.9.13	CVE-2017-7525	False positive Version 1.9.13 is already newest. There is no non vulnerable version of this component. Code doesn’t use Jackson directly and don’t use createBeanDeserializer() function which has the vulnerability. We were unable to find any reference to this Vulnerability	False positive.No Action. All of the existing jackson jackson-mapper-asl have vulnerabilities issues.
vfc/nfvo/driver/vnfm/svnfm/huawei	commons-beanutils	commons-beanutils	1.8.0	CVE-2014-0114	False positive net.sf.json-lib:json-lib:2.4 depend on this This vulnerability issue is an indirect dependency introduced by vfc/nfvo/driver/vnfm/svnfm/huawei	False positive
vfc/nfvo/driver/vnfm/svnfm/huawei	commons-httpclient	commons-httpclient	3.1	SONATYPE-2007	False positive Version 3.1 is already newest. There is no non vulnerable version of this component. VF-C code doesn’t use the readRawLine() method in commons-httpclient directly. We plan to replace this jar with Apache HttpComponents, but need some time to update the code and test.	False positive We are trying to replace this jar with other jars
vfc/nfvo/driver/vnfm/svnfm/huawei	org.codehaus.jackson	jackson-mapper-asl	1.9.13	CVE-2017-7525	False positive Version 1.9.13 is already newest. There is no non vulnerable version of this component. We don’t use Jackson directly and don’t use createBeanDeserializer() function which has the vulnerability. We were unable to find any reference to this Vulnerability	False positive.No Action . No version with a fix is currently available. false positive
vfc/nfvo/driver/vnfm/svnfm/huaweivfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	commons-collections	commons-collections	3.2.1	SONATYPE-2015-0002	False positive Code doesn't use InvokerTransformer	Plan to update the no vulnerability version in D version
vfc/nfvo/driver/vnfm/svnfm/huaweivfc/nfvo/driver/vnfm/gvnfmvfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.apache.cxf	cxf-rt-transports-http	3.1.6	CVE-2018-8039	False positive Code doesn't use the verify() function in AllowAllHostnameVerifier.class and DefaultHostnameVerifier.class, and the decorateWithTLS() function in HttpsURLConnectionFactory.class	Plan to update the no vulnerability version in D versionvfc/nfvo/driver/vnfm/svnfm/huawei
vfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.springframework	spring-expression	3.1.0.RELEASE	CVE-2018-1270	False positive Code doesn't use getMethods() method in the ReflectiveMethodResolver class, the canWrite method in the ReflectivePropertyAccessor class, and the filterSubscriptions() method in the DefaultSubscriptionRegistry class	Plan to update the no vulnerability version in D version
vfc/nfvo/driver/vnfm/svnfm/huaweivfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.springframework	spring-web	3.2.14.RELEASE	CVE-2018-1272	False positive Code doesn't use the generateMultipartBoundary() method in the MimeTypeUtils class	Plan to update the no vulnerability version in D version
vfc/nfvo/driver/vnfm/svnfm/huawei vfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.eclipse.jetty.aggregate	jetty-all	8.1.16.v20140903	CVE-2017-9735	False positive Code doesn't use `boolean check(Object credentials)` function in the `Password.java`	Plan to update the no critical vulnerability version in D version
vfc/nfvo/driver/vnfm/svnfm/huaweivfc/nfvo/driver/vnfm/gvnfmvfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.springframework	spring-expression	3.1.0.RELEASE	CVE-2018-1257	False positive Code doesn't use the getValueInternal() method in the OperatorMatches class	Plan to update the no vulnerability version in D version
vfc/nfvo/driver/vnfm/svnfm/huaweivfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.apache.cxf	cxf-rt-transports-http	3.1.6	CVE-2016-6812	False positive Code doesn't use FormattedServiceListWriter	Plan to update the no vulnerability version in D versionvfc/nfvo/driver/vnfm/svnfm/huawe
vfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-resmanagement	org.springframework	spring-web	3.2.14.RELEASE	CVE-2018-11039	False positive Code doesn't use HiddenHttpMethodFilter class	Plan to update the no vulnerability version in D version
vfc/nfvo/driver/vnfm/svnfm/huawei	commons-httpclient	commons-httpclient	3.1	CVE-2012-5783	False positive Code doesn't use it for the verification of the SSL certificate	Will trying to replace this jar with other jars in D release
vfc/nfvo/driver/vnfm/svnfm/huawei	commons-httpclient	commons-httpclient	3.1	CVE-2012-6153	False positive Code doesn't use it for the verification of the SSL certificate	Will trying to replace this jar with other jars in D release
vfc/nfvo/driver/vnfm/svnfm/huawei vfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.apache.cxf	cxf-core	3.1.6	CVE-2017-12624	False positive Code doesn't use the readLine() function in the AttachmentDeserializer class and get() function in the MessageContextImpl class and the ContentDisposition() function in the ContentDisposition class	False positive.No Action. There is no non vulnerable version of this componentvfc/nfvo/driver/vnfm/svnfm/huawei
vfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.apache.cxf	cxf-rt-frontend-jaxrs	3.1.6	CVE-2017-12624	False positive Code doesn't use the readLine() function in the AttachmentDeserializer class and get() function in the MessageContextImpl class and the ContentDisposition() function in the ContentDisposition class	Plan to update the no vulnerability version in D versionvfc/nfvo/driver/vnfm/svnfm/huawe
vfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.springframework	spring-core	3.1.0.RELEASE	CVE-2014-3578	False positive Code doesn't use ResourceHttpRequestHandler to check for directory traversal	Plan to update the no vulnerability version in D version
vfc/nfvo/driver/vnfm/svnfm/huawei vfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.eclipse.jetty.aggregate	jetty-all	8.1.16.v20140903	CVE-2018-12536	False positive	Plan to update the no critical vulnerability version in D version
vfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	commons-beanutils	commons-beanutils	1.8.0	CVE-2014-0114	False positive net.sf.json-lib:json-lib:2.4 depend on this This vulnerability issue is an indirect dependency introduced by vfc/nfvo/driver/vnfm/gvnfm/juju	False positive
vfc/nfvo/driver/vnfm/gvnfm vfc-nfvo-multivimproxy vfc-nfvo-resmanagement	org.codehaus.jackson	jackson-mapper-asl	1.9.13	CVE-2017-7525	False positive Version 1.9.13 is already newest. There is no non vulnerable version of this component. We don’t use Jackson directly and don’t use createBeanDeserializer() function which has the vulnerability. We were unable to find any reference to this Vulnerability	False positive.No Action. No version with a fix is currently available.
vfc/nfvo/driver/vnfm/gvnfm	org.apache.commons	commons-compress	1.9	SONATYPE-2018-0293	no vulnerability analysis	Plan to update the no vulnerability version in D version
vfc/nfvo/driver/vnfm/gvnfm	org.apache.commons	commons-compress	1.9	CVE-2018-11771	False positive Code doesn't use the readStored() method in ZipArchiveInputStream.class	Plan to update the no vulnerability version in D version
vfc-nfvo-driver-ems	com.fasterxml.jackson.core	jackson-databind	2.9.6	CVE-2018-7489	False positive Explaination: This vulnerability issue only exists if com.fasterxml.jackson.databind.ObjectMapper.setDefaultTyping() is called before it is used for deserialization. ems driver doesn't invoke this method	False positive.No Action. All of the existing jackson databind have vulnerabilities issues.
vfc-nfvo-driver-ems	xerces	xercesImpl	2.12.0	CVE-2012-0881	False positive ems driver is using this in the normal way. There is no non vulnerable version of this component	False positive There is no non vulnerable version of this component
vfc-nfvo-driver-ems	xerces	xercesImpl	2.12.0	SONATYPE-2017-0348	False positive ems driver haven't use the setupCurrentEntity??method in XMLEntityManager class	False positive
vfc-nfvo-driver-ems	javax.mail	mailapi	1.4.3	SONATYPE-2017-0492	Ems driver doesn't invoke getUniqueMessageIDValue() method	False positive
vfc-nfvo-multivimproxy	commons-beanutils	commons-beanutils	1.8.0	CVE-2014-0114	False positive net.sf.json-lib:json-lib:2.4 depend on this This vulnerability issue is an indirect dependency introduced by vfc/nfvo/resmanagement There is no non vulnerable version of this component.	False positive.No Action. No version with a fix is currently available.
vfc-nfvo-multivimproxy	org.codehaus.jackson	jackson-mapper-asl	1.9.12	CVE-2017-7525	False positive Version 1.9.13 is already newest. There is no non vulnerable version of this component. We don’t use Jackson directly and don’t use createBeanDeserializer() function which has the vulnerability. We were unable to find any reference to this Vulnerability	False positive.No Action. No version with a fix is currently available.
vfc-nfvo-driver-svnfm-nokiav2	org.springframework	spring-web	5.0.9.RELEASE	CVE-2018-15756	False positive Code didn't use the toResourceRegions() and parseRanges() methods in the HttpRange class	False positive.No Action.
vfc-nfvo-driver-svnfm-nokiav2	org.springframework.security	spring-security-web	5.0.8.RELEASE	SONATYPE-2017	False positive Code didn't use the doFilter() method in the SwitchUserFilter Class	False positive.No Action. No version with a fix is currently available.

Space shortcuts

Page tree

Versions Compared

Old Version 2

New Version Current

Key