Feature #248: [Security Audit Round 2 ] Framework Obsolete Version in usage (Repeated) - E-Arogya - Redmine

Actions

Copy link

Feature #248

open

Feature #235: [Security Audit Round 2 ]

[Security Audit Round 2 ] Framework Obsolete Version in usage (Repeated)

Added by Kalyan Battula 12 months ago. Updated 11 months ago.

Status:

Resolved

Priority:

High

Assignee:

Vasu Malladi

Category:

Target version:

Sprint 3 (14th to 17th May 2024)

Start date:

01/05/2024

Due date:

% Done:

Estimated time:

Deployed In:

Category:

Description

Framework Obsolete Version in usage (Repeated)
observation : Repeated
CWE : CWE-1035
Description :
It is observed that java spring boot older version in usage.
Affected Path(s) :
/(Webserver)
Impact :
Known type of vulnerabilities exists in the application due to the usage of lower version.
Evidence/Proof Of Concept :
Step 1: Outdated Spring boot Framework version is being used in the application.

Step 2: It is found that 2.5.4 version life support is ended on May 10, 2023

Step 3: Share updated POC for next level audit
Recommendation :
It is recommended to upgrade to the latest stable and secure version of springframework.

Files

Download all files

clipboard-202405011242-juhij.png (22.7 KB) clipboard-202405011242-juhij.png		Kalyan Battula, 01/05/2024 12:42 PM
clipboard-202405011242-kcqdn.png (85.9 KB) clipboard-202405011242-kcqdn.png		Kalyan Battula, 01/05/2024 12:42 PM