IBM Support

AppScan finds vulnerabilities in Cordova

Troubleshooting


Problem

AppScan finds vulnerabilities in the version of Cordova shipped with MobileFirst Platform Foundation V7.1.

Resolving The Problem

These are most likely false positives.

AppScan tests for these vulnerabilities by checking the Cordova version number. For the version of Cordova shipped with MobileFirst Platform Foundation V7.1, this is an unreliable way to test for the presence of a Cordova vulnerability, and it may produce misleading results. MobileFirst Platform 7.1 includes an older version of Cordova, but when Cordova vulnerabilities are published, the fixes are backported into that version of Cordova without changing the Cordova version number. The Cordova version is not updated when interim fixes are published, due to the risk of breaking existing applications. Therefore, the actual Cordova version used with the product changes only between major releases.
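The following added example (not IBM's or AppScan's code) shows why a version-number check keeps flagging a build whose fixes were backported, and how to triage such findings against the interim fixes actually installed. The version strings, CVE identifiers and interim-fix names are constructed placeholders, and the mapping from interim fix to backported CVE is assumed to come from the vendor's fix documentation.

```python
from dataclasses import dataclass

def parse_version(v):
    # Compare versions numerically, so "3.10.0" sorts after "3.9.0".
    return tuple(int(p) for p in v.split("."))

@dataclass(frozen=True)
class Advisory:
    cve: str
    fixed_in: str  # first upstream release that carries the fix

def version_only_findings(reported_version, advisories):
    """What a version-number check reports: every advisory fixed in a later upstream release."""
    rv = parse_version(reported_version)
    return [a.cve for a in advisories if rv < parse_version(a.fixed_in)]

def triage(findings, applied_ifixes, backports):
    """Split findings into those covered by an installed interim fix and those needing review.
    backports maps interim-fix name -> set of CVE ids that fix backports (assumed vendor data)."""
    covered = {}
    for ifix in applied_ifixes:
        for cve in backports.get(ifix, ()):
            covered.setdefault(cve, ifix)
    result = {"backported": {}, "needs_review": []}
    for cve in findings:
        if cve in covered:
            result["backported"][cve] = covered[cve]
        else:
            result["needs_review"].append(cve)  # fix not installed, or not documented
    return result

# Constructed sample data; none of these identifiers are real.
ADVISORIES = [
    Advisory("CVE-PLACEHOLDER-0001", "3.10.0"),
    Advisory("CVE-PLACEHOLDER-0002", "3.9.1"),
    Advisory("CVE-PLACEHOLDER-0003", "3.2.0"),
]
BACKPORTS = {
    "IFIX-PLACEHOLDER-A": {"CVE-PLACEHOLDER-0001"},
    "IFIX-PLACEHOLDER-B": {"CVE-PLACEHOLDER-0002"},
}
REPORTED_VERSION = "3.9.0"        # unchanged by interim fixes
APPLIED = ["IFIX-PLACEHOLDER-A"]  # IFIX-PLACEHOLDER-B is not installed

if __name__ == "__main__":
    findings = version_only_findings(REPORTED_VERSION, ADVISORIES)
    print(triage(findings, APPLIED, BACKPORTS))
```

A finding lands in "backported" only when an installed interim fix is documented as carrying it; everything else stays in "needs_review" rather than being dismissed.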


Document Information

Modified date:
24 January 2020

UID

swg21989966