AppScan finds vulnerabilities in Cordova
AppScan finds vulnerabilities in the version of Cordova shipped with MobileFirst Platform Foundation V7.1.
Resolving the problem
These are most likely false positives.
AppScan tests for these vulnerabilities by checking the Cordova version number. For the version of Cordova shipped with MobileFirst Platform Foundation V7.1, this is an unreliable way to test for the presence of a Cordova vulnerability, and it may produce misleading results. MobileFirst Platform Foundation V7.1 ships with an older version of Cordova, but when Cordova vulnerabilities are published, the fixes are backported into that shipped version without changing the Cordova version number. The Cordova version is not updated when interim fixes are published because of the risk of breaking existing applications. Therefore, the actual Cordova version used with the product does not change except between major releases.