Insecure Third Party Component


Description

The application uses one or more third-party components that contain a known vulnerability. Attackers can use public information about vulnerabilities in third-party components to attack the application.

Impact

Attackers can use publicly available information to exploit vulnerabilities in third-party libraries, frameworks, or other components. In many cases, these vulnerabilities are identified and exploited using automated attack tools. Even if the application's own code is secure, a vulnerability in a third-party component can be used to attack the application and its supporting infrastructure. Depending on the severity of the vulnerability, an attacker may be able to gain remote access, execute code, or extract sensitive data. For third-party components that are unsupported, additional security flaws may be identified at a later date that will not be published or remediated by the vendor.
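The following Python example is added here and is not from the original page: it audits a pinned dependency manifest against advisory data and a list of unsupported components, the two conditions described above. The package names, advisory identifiers, version ranges and manifest format are all constructed for illustration, and versions are assumed to be purely numeric and dot-separated.

```python
from dataclasses import dataclass
from typing import Optional

def parse_version(text):
    # Assumes numeric dotted versions; compares 2.9.3 < 2.10.0 correctly,
    # which a plain string comparison would get wrong.
    return tuple(int(part) for part in text.split("."))

@dataclass
class Advisory:
    ident: str              # constructed placeholder, not a real CVE id
    package: str
    introduced: str         # first affected version (inclusive)
    fixed: Optional[str]    # first fixed version (exclusive); None = no fix

# Constructed sample data (hypothetical packages and advisories).
ADVISORIES = [
    Advisory("EXAMPLE-0001", "examplexml", "1.0.0", "1.4.2"),
    Advisory("EXAMPLE-0002", "examplehttp", "2.0.0", "2.10.0"),
    Advisory("EXAMPLE-0003", "legacyauth", "0.1.0", None),
]
UNSUPPORTED = {"legacyauth"}    # components the vendor no longer maintains
MANIFEST = """\
examplexml==1.4.1
examplehttp==2.9.3   # pinned long ago
legacyauth==0.9.0
safelib==3.2.0
"""

def parse_manifest(text):
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blanks
        if line:
            name, _, version = line.partition("==")
            pins[name.strip().lower()] = version.strip()
    return pins

def audit(pins, advisories, unsupported):
    findings = []
    for name, version in sorted(pins.items()):
        v = parse_version(version)
        for adv in advisories:
            if adv.package != name or v < parse_version(adv.introduced):
                continue
            if adv.fixed is None or v < parse_version(adv.fixed):
                findings.append((name, version, adv.ident, adv.fixed or "no fix available"))
        if name in unsupported:     # future flaws will never be patched
            findings.append((name, version, "UNSUPPORTED", "replace component"))
    return findings
```

Calling `audit(parse_manifest(MANIFEST), ADVISORIES, UNSUPPORTED)` returns one tuple per finding: component, installed version, advisory identifier and the version to upgrade to.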

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
