Hi. Our security team is using the web application Acunetix to scan and find any vulnerability on the web pages and web applications of our organization. The goal is to detect them and take proactive measures to prevent a potential attack, data compromise, etc.
After running the analysis, they raised several alerts, which they catalog with different threat levels. The good news for us is that they didn't find any high risk alert. But they found several medium risk alerts. One medium risk alert that concerns us, and prevents us from releasing the DSpace repository into production, is the following:

*Same origin method execution (SOME)*

Classification:

CVSS3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score: 4.3
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

CVSS2
Base Score: 4.3
Access Vector: Network_accessible
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None
Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined

CWE
CWE-20

Affected items
/admin 1
/browse/author 6
/browse/dateissued 4
/browse/subject 4
/browse/title 5
/collections/11ca30c5-3153-4bde-8f56-78e4551251a8 1
/collections/1f250178-77ff-405d-8327-b6cb9ca3bafb 1
/collections/42e829be-53e8-45a8-9759-84af2625af89 1
/collections/5393a442-fc8b-4e09-be62-12acb19a68c9 1
/collections/5bd4b23e-71c5-4d9d-826e-fcbc9d160818 1
/collections/629bb30f-43f8-4be8-acca-36681b1b01d0 1
/collections/665b93e7-38f3-4409-ace8-06465570392f 1
/collections/8a841561-4cc0-4853-b793-79fd64400fb5 1
/collections/f6b29dcc-f0a8-430f-b947-cdbe82436908 1
/communities/0126647d-873a-46e7-9c9e-d023c7fea691 1
/communities/34310f22-81a0-4402-aae9-b678eb766b6a 1
/communities/34d97a60-b2fa-4698-81cc-0d839f0f567c 1
/communities/4f2eb171-8728-4d22-bd27-33aeb9d5ae0f 2
/communities/663a7aa4-fa3d-460b-9585-b31b5674e20a 1
/communities/79696ce9-39ed-4f67-80be-5948b848b1c8 1
/communities/7dc49154-f0b3-4902-9af3-71f8b27efad4 1
/communities/b3c7d2fc-c6c5-4878-ba4a-511a843c709c 1
/communities/dbef5fb5-3027-49d9-9bf0-0f2d44415146 3
/communities/e5098278-fff6-43dd-83b7-2d802d888f05 2
/communities/fe435281-084f-4ddf-ac9c-ad72081396ce 3
/community-list 1
/home 1
/info/end-user-agreement 1
/info/privacy 1
/items/0160ed5e-23f1-404c-a6c0-eff54fa186ea/full 15
/items/14bd319e-79ec-41a6-9b0b-75878b3710ee 1
/items/1c71b9fb-d855-43e1-a2af-6513c4aadb72 1
/items/22d2db70-e5da-4dda-ba49-831898db737c 1
/items/46ef5a91-dc55-47cf-8fc8-7940d3e0376b 1
/items/5fd00655-1f0a-4261-93de-42a1a06ef128 1
/items/65b7f719-d788-488a-90b7-8da0dad4a31e/full 1
/items/7103c7f2-5a5f-4392-92de-2e2bd194d522 1
/items/a28c20af-1b4f-4699-8aa7-219722ad2557 1
/items/a7e28886-ce18-4745-8500-ef09d7b62804 1
/items/b826e34a-2ba5-48ac-9ec3-4b28ffca855a 1
/items/c3ccd304-ae49-44e5-8d2a-36b928ca0b51/full 1
/items/cea61be5-8e79-4ab8-86d1-7f56852fe18a 1
/register 1
/reload/1727961770073 1
/search 8
/statistics 1
/statistics/collections/11ca30c5-3153-4bde-8f56-78e4551251a8 1
/statistics/items/0160ed5e-23f1-404c-a6c0-eff54fa186ea 1
/workflowitems

After some research I haven't found a way to prevent this alert from happening. Can someone give some advice on this matter?

Thanks in advance.

--
All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To view this discussion visit https://groups.google.com/d/msgid/dspace-tech/6f974a5c-ee35-4358-8ec6-360465b526d5n%40googlegroups.com.
