Products Products
Support & Forums Support & Forums
Compliance Testing Compliance Testing
Labs & Sandboxes Labs & Sandboxes
Program Program
Co-Marketing Co-Marketing
Avaya Experience Platform Avaya Enterprise Cloud Avaya Client SDK Avaya Aura Platform See All Products Find Developer Resources

Avaya Experience Platform

Overview Interfaces Learning Support Options Compliance Testing

Avaya Enterprise Cloud

Overview Interfaces Learning Support Options Compliance Testing

Avaya Client SDK

Overview Programming Docs Developer Downloads Licensing Support & Testing

Avaya Aura Platform

Application Enablement Services Communication Manager Presence Services Snap-in Session Manager System Manager Session Border Controller
About DevConnect Support Submit Support Tickets Support Forums Other Support Options

About DevConnect Support

Support Options Support FAQs Supported Platforms and Interfaces

Submit Support Tickets

Procured System Support
For procurement issues or questions Remote Lab Support
For issues and questions related to DevConnect remote labs Membership & Program Support
For membership and program benefits questions General Support
For general issues not covered by the other support tickets

Support Forums

Avaya Client SDK AEServices DMCC APIs AEServices JTAPI AEServices Web Services Avaya Workspaces Avaya Experience Platform Orchestration Designer All Forums

Other Support Options

Product Notices Non-DevConnect Support Resources

Compliance Testing

About Compliance Testing Compliance Tested Solutions

About Compliance Testing

Compliance Testing Overview Avaya Interfaces Eligible For Testing Compliance Testing FAQs Compliance Testing Guide(s) (PDF)

Compliance Tested Solutions

DevConnect Marketplace Search Applications Notes

Labs & Sandboxes

Remote Labs Procurement Benefits

Remote Labs

Remote Labs Overview Avaya Aura Session Manager Avaya Aura AE Services & Communication Manager Self Services (Experience Portal) Avaya Proactive Outreach Manager Avaya Contact Center Elite

Procurement Benefits

About DevConnect Procurement Access/View Procurement Catalog Procurement FAQs DevConnect Procured System Support

Program

Program Overview Program Benefits Membership Options

Program Overview

DevConnect Membership Levels DevConnect Program Guide (PDF) DevConnect Program FAQs

Program Benefits

Membership Benefits DevConnect Procurement Co-marketing

Membership Options

Manage My Portfolio/Solutions Manage My Profile

Co-Marketing

Co-Marketing Benefits Relationship Benefits

Co-Marketing Benefits

Co-Marketing Overview Logos Marketplace Co-branded Collateral Select Product Program

Relationship Benefits

Social Media 8-and-Out Podcasts Sponsorships Advertising

Author Message
26/08/2022 11:34:04
Subject: OD 8.1: XSS vulnerabilities detected in scert-08.10.06.01.jar file
#1
SamDionne
Joined: Sep 14, 2017
Messages: 1
Offline
Hello Devconnect team

A customer has reported multiple security vulnerabilities being detected related to Java archive files exported with each OD Application .war.

I have requested the customer to ensure they have HTML mode disabled, per OD 8.1 release notes related to XSS, on page 4:
https://www.devconnectprogram.com/fileMedia/download/7481d19e-975b-4208-9749-f25396d56456

If the customer has HTML mode disabled in their Applications, is there a way to remove these files safely? Otherwise, can these vulnerabilities be corrected?

Attached the list of vulnerabilities being reported.

OD version is 8.1.0.0601

Files:
scert-08.10.06.01.jar
validate-IC.jsp
validate-ws.jsp
validate-CTI.jsp
validate-common.jsp
validate-head.jsp

Thank you
Filename vulnerabilities.txt [Disk] Download
PM
29/08/2022 11:14:15
Subject: OD 8.1: XSS vulnerabilities detected in scert-08.10.06.01.jar file
#2
massimo__croci
Joined: Jan 31, 2020
Messages: 518
Offline
Hi. For your request, you should open an new SR (Service Request) ticket with Avaya Support (https://support.avaya.com/service-requests/enterticket.action) including the vulnerabilities.txt file on attachments.
PM
Go to:   
Mobile view