Cross site Scripting: DOM and other security vulnerabilities in RH2017/2019

New Here, Feb 01, 2019

Our IT team use HP Fortify scanner to verify webhelp content created from RH 2017 (13.0.2.334), which identified 15 Cross site scripting vulnerabilities along with 3 dynamic code evaluation and one open redirect flaw. This is in a small help file of approx 50 pages!

Looking in this forum, this seems to be a long-running issue with RH over a number of versions.

Adobe help suggested upgrade to 2019 free trial version - which I did, but majority of issues remain unresolved. Latest communication from Adobe says they acknowledge the bug and will look to fix on a future release. That really doesn't help when we have products due for launch imminently where I am supplying the help content and our IT team will not allow the files to be used - and also existing help files in live products are now likely to be withdrawn.

I am not technically savvy, but these issues seem to be very serious and the continual solution seems to be "Buy the latest version" - indicating no appetite for fixing currently owned software?

Does anyone have a solution which can be implemented, as I believe happened with RH 11 or 2015 versions?

Thanks

Adobe Employee, Feb 01, 2019

Hi Phil England,

would you mind sharing the HP Fortify report directly with the specialized Adobe Technical Communication support (tcssup@adobe.com)? Please put me on CC (please see my Private Forum message for my email address).

Kind regards,

Stefan Gentz
