Pentesting actions


M2 Vulnerabilities (ES/PT - Dosfarma)
| # | Reference | Stores | Vulnerability | Criticality | Business Impact | Owner | Team | Status | No Action reason |
|---|-----------|--------|---------------|-------------|-----------------|-------|------|--------|------------------|
| 1 | MED-1 | ES, PT, Dosfarma | DOM based XSS in the field query | Medium | Medium | Javier Villanueva | i4 | Not started | To be prioritized |
| 2 | MED-2 | ES, PT, Dosfarma | User account theft using authentication delegation | Medium | Medium | Javier Villanueva | i4 | Not started | To be prioritized - Also to decide if we want to have an ‘Account verification process’ to validate the account |
| 3 | MED-3 | Dosfarma | Automatic user enumeration possible | Medium | Medium | Javier Villanueva | i4 | Not started | Netace should prevent this problem (but only ES + PT) |
| 4 | INFO-1 | ES, PT, Dosfarma | Arbitrary method requests do not send a 405 error | Info | Low | Javier Villanueva | Teradisk | In progress | |
| 5 | INFO-2 | ES, PT, Dosfarma | Version disclosure in the HTTP responses | Info | Low | Javier Villanueva | Teradisk | Done | |
| 6 | INFO-3 | ES, PT, Dosfarma | Content Security Policy HTTP header missing | Info | Low | Javier Villanueva | i4 | Done | |
| 7 | INFO-4 | ES, PT, Dosfarma | Potentially outdated nginx version | Info | Low | Javier Villanueva | Teradisk | No action | |
| 8 | INFO-5 | ES, PT, Dosfarma | Session timeout too long | Info | Low | Javier Villanueva | Atida | No action | For business reasons we prefer to keep a long session |
| 9 | INFO-6 | ES, PT, Dosfarma | The system of double submit cookie is not completely secure | Info | Low | Javier Villanueva | i4 | Not started | To be prioritized |