Security Issue found in Veracode Scan

Hello,

One of our customers requested a Security Scan of our Software using the Veracode Platform (https://www.veracode.com/) ...

We uploaded all of our binaries and started a scan. 

In this version of our Software, we use Infragistics 15.1 for our UI Components...

The Security Scan resulted in a few security issues, and some of them were located in the Infragistics Binaries:

1.) Infragistics.Win.UltraWinDock.Menus.UltraContextMenuManager - Attack Vector : user32_dll.SetWindowsHookExA() 

References : http://cwe.mitre.org/data/definitions/506.html

2.) Infragistics.Win.KeyboardHookManager - Attack Vector : user32_dll.SetWindowsHookExW

References : http://cwe.mitre.org/data/definitions/506.html

3.) Infragistics.Win.DropDownManager.ActivationChangeHookManager - Attack Vector : user32_dll.SetWindowsHookExW

References : http://cwe.mitre.org/data/definitions/506.html

Since these issues are flagged as high risk, our customer will definitely complain about them, and we cannot get rid of the Infragistics references...

Is there a way to fix this problem on our side? Are you aware of these issues?

Thank you for your help...