2026-04-18 17:09:43 +08:00

APM---CITI---Reported-Vulnerabilities-and-Issues_696523815

| Ticket | UT Vulnerabilities Reported in APM 960 version in March 2025 | Owner | Priority | CPE Cases | Comments | Status | Apply on Staging / Deadline to implement on prod |
|---|---|---|---|---|---|---|---|
| SD00496396/IM00495939 | Cross-site Scripting - DOM Based. Issue Discovered from Vulnerability Assessment | SubbaReddy | H1 | OCTIM19G2471704 | Fix applied on 33F staging farm, positive feedback from customer. | Closed | Completed / Completed |
| SD00496831/IM00496084 | Cross-site Scripting (Pre-Authentication). Issue Discovered from Vulnerability Assessment | SubbaReddy | H1 | OCTIM19G2472007 | Retest successful. Deployed on production environment on the 25th of May. | Closed | 02 May 2025 / 18 May 2025 |
| SD00496835/IM00496087 | Unauthorized Write Access (Post-authentication). Issue Discovered from Vulnerability Assessment | SubbaReddy | H2 | OCTIM19G2472008 | H2 issue retest successful. Applied on the Production HF on 20th July. | Closed | 22 Jun 2025 / 20 Jul 2025 |
| IM00496092/SD00496846 | Weak Password Complexity. Issue Discovered from Vulnerability Assessment | SubbaReddy | H3 | OCTIM19G2472009 | No password complexity to be implemented, the customer confirmed retest was successful. | Closed | |
| IM00496093/SD00496849 | No Account Lockout After Multiple Failed Attempts. Issue Discovered from Vulnerability Assessment | SubbaReddy | H5 | OCTIM19G2472010 | No password complexity to be implemented, the customer confirmed retest was successful. | Closed | |
| IM00496100/SD00496860 | Sensitive Information Passed in Cleartext in GET URL. Issue Discovered from Vulnerability Assessment | SubbaReddy | M2 | OCTIM19G2473081 | Fix deployed on staging, awaiting customer feedback. Confirmation received from customer that pretest is successful. To be applied this weekend to prod. | Closed | 02 May 2025 / 08 Jun 2025 |
| IM00496099/SD00496859 | Suspicious Files Found in Recursive Directory. Issue Discovered from Vulnerability Assessment | SubbaReddy | M1 | OCTIM19G2473082 | Validated with RnD Team that the files are required for APM, justification provided to the customer. The customer confirmed this can be closed. | Closed | |
| IM00496101/SD00496861 | Session Remains Active After Logout. Issue Discovered from Vulnerability Assessment | SubbaReddy | M3 | OCTIM19G2472092 | New fix applied, still not working. RnD investigation required. | Under investigation | 28 Aug 2025 |
| IM00496102/SD00496863 | Server-Side Request Forgery. Issue Discovered from Vulnerability Assessment | SubbaReddy | M4 | OCTIM19G2473083 | | Closed | 01 Jun 2025 / 22 Jun 2025 |
| IM00495787/SD00496057 | BPM Agents Tab Error | SubbaReddy | H4 | OCTIM19G2471324 | This was blocked by a vulnerability detected in 2022; details provided to the customer, pending VA retest. | Closed | Completed |