IBM Support

AppScan finds vulnerabilities in Cordova

Technote (troubleshooting)


Problem (Abstract)

AppScan finds vulnerabilities in the version of Cordova shipped with MobileFirst Platform Foundation V7.1.

Resolving the problem

These are most likely false positives.

AppScan tests for these vulnerabilities by checking the Cordova version number. For the version of Cordova shipped with MobileFirst Platform Foundation V7.1, this is an unreliable way to test for the presence of a Cordova vulnerability, and it may produce misleading results. MobileFirst Platform 7.1 ships with an older version of Cordova, but when Cordova vulnerabilities are published, the fixes are backported into that version of Cordova without changing the Cordova version number. The Cordova version is not updated when interim fixes are published, because doing so risks breaking existing applications. Therefore, the actual Cordova version used with the product changes only between major releases.
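The sketch below is an added example, not IBM or AppScan code: it shows one way to triage scanner findings for a component whose fixes are backported without a version change. The finding format, the advisory names, the version string and the interim fix levels are all constructed placeholders.

```python
from dataclasses import dataclass

# Constructed data: the identifiers, version string and fix levels below are
# placeholders, not real CVEs, Cordova versions or IBM interim fix numbers.
BACKPORTS = {
    # (component, unchanged version string) -> {advisory: interim fix level carrying the backport}
    ("cordova", "0.0.0-example"): {"ADVISORY-A": 3, "ADVISORY-B": 5},
}

@dataclass
class Finding:
    component: str
    reported_version: str
    advisory: str
    evidence: str  # "version" = inferred from the version string, "behavior" = flaw was observed

def triage(finding: Finding, installed_fix_level: int) -> str:
    """Classify a scanner finding for a component whose vendor backports fixes."""
    if finding.evidence != "version":
        # The scanner observed the flaw itself, so the backport argument does not apply.
        return "confirmed"
    fixes = BACKPORTS.get((finding.component, finding.reported_version), {})
    fixed_at = fixes.get(finding.advisory)
    if fixed_at is None:
        # Version-only evidence and no vendor record of a backport.
        return "verify-with-vendor"
    if installed_fix_level >= fixed_at:
        # The installed build already carries the backported fix.
        return "likely-false-positive"
    return "apply-interim-fix"

def triage_report(findings, installed_fix_level):
    """Map each advisory in the findings to its triage verdict."""
    return {f.advisory: triage(f, installed_fix_level) for f in findings}

SAMPLE_FINDINGS = [  # constructed scanner output
    Finding("cordova", "0.0.0-example", "ADVISORY-A", "version"),
    Finding("cordova", "0.0.0-example", "ADVISORY-B", "version"),
    Finding("cordova", "0.0.0-example", "ADVISORY-C", "version"),
    Finding("cordova", "0.0.0-example", "ADVISORY-D", "behavior"),
]

if __name__ == "__main__":
    for advisory, verdict in triage_report(SAMPLE_FINDINGS, installed_fix_level=4).items():
        print(f"{advisory}: {verdict}")
```

Only findings whose sole evidence is the version string are eligible for dismissal, and only when the installed interim fix level is at or above the level recorded for that advisory.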

Document information

More support for: Maximo Anywhere

Software version: Version Independent

Operating system(s): Platform Independent

Reference #: 1989966

Modified date: 22 September 2016