chore(findings): parasoft/license-server
Summary
parasoft/license-server has 47 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2022-46364 | Twistlock CVE | Critical | org.apache.cxf_cxf-core-3.5.1 |
CVE-2022-46363 | Twistlock CVE | High | org.apache.cxf_cxf-core-3.5.1 |
GHSA-3w37-5p3p-jv92 | Anchore CVE | Medium | cxf-core-3.5.1 |
GHSA-x3x3-qwjq-8gj4 | Anchore CVE | Critical | cxf-core-3.5.1 |
GHSA-3w37-5p3p-jv92 | Anchore CVE | Medium | cxf-core-3.5.1 |
GHSA-x3x3-qwjq-8gj4 | Anchore CVE | Critical | cxf-core-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-ws-policy-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-wsdl-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-databinding-jaxb-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-bindings-xml-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-databinding-aegis-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-transports-http-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-databinding-jaxb-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-databinding-jaxb-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-bindings-soap-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-wsdl-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-frontend-jaxws-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-databinding-jaxb-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-databinding-aegis-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-bindings-soap-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-wsdl-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-ws-addr-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-ws-addr-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-transports-http-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-bindings-xml-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-transports-http-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-databinding-aegis-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-frontend-simple-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-ws-policy-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-frontend-jaxws-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-frontend-simple-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-ws-addr-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-wsdl-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-transports-http-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-ws-policy-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-frontend-simple-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-ws-addr-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-bindings-xml-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-frontend-simple-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-frontend-jaxws-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-bindings-soap-3.5.1 |
CVE-2022-46363 | Anchore CVE | High | cxf-rt-bindings-xml-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-databinding-aegis-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-bindings-soap-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-ws-policy-3.5.1 |
CVE-2022-46364 | Anchore CVE | Critical | cxf-rt-frontend-jaxws-3.5.1 |
GHSA-mjmj-j48q-9wg2 | Anchore CVE | High | snakeyaml-1.31 |
VAT: https://vat.dso.mil/vat/image?imageName=parasoft/license-server&tag=2022.2.1&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/parasoft/parasoft/licenseserver/-/jobs/17018009
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the HardeningApproval label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications -
Send approval request to Authorizing Official -
Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the
Approval
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theApproval
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.