Veracode static scan – Application vulnerability test clarification
Hi Team,
As part of the vulnerability test our client engaged “Veracode” to do static code analysis.
The tool has identified quite a few flaws in out-of-the-box Chordiant APIs. We have mitigated that these flaws are from Chordiant framework jars, which we will not be able to modify. Due to these flaws our client doesn't sign off for go-live.
I have attached the Veracode report for your review. We have checked the class names in the report and identified the following OOTB jars that have flaws.
café.jar, café-tags.jar, csa-servlets.jar, ctiChordiant.jar, ctigenesysinteraction.jar, ctigenesysplatform.jar, ctimanager.jar, ctivruservices.jar, ctkimanager.jar, dialogserver.jar, ic.jar, jxbinterface.jar, jxbservice.jar, jxcore.jar, jxe.jar, jxp.jar, jxpBasePersistanceImpl.jar, jxrules.jar, jxw.jar, jxwTemplateCompiler.jar, lookuptable.jar, myfaces-impl-1.1.5.jar, odconnector.jar, qrst.jar, stp.jar, userprofilecore.jar
Could you please review and let me know your thoughts.
Chordiant Version - 6.7
Thanks & Regards,
Ravi Kumar Reddy S.
Message was edited by: Vidyaranjan Av | Removed attachment