https://community.dynatrace.com/t5/Troubleshooting/False-positive-results-for-vulnerabilities/ta-p/229343 <DIV class="lia-message-template-content-zone"> <P class="sc-cwHptR exAGXd sc-dAbbOL erszSe sc-3b06fd1c-0 ivrEIu" data-testid="paragraph">A vulnerability might be identified incorrectly. Possible reasons for false positives include:</P> <DIV class="sc-6646062a-0 ivCgmd"> <UL class="sc-gFqAkR iImZDA"> <LI class="sc-ikkxIA cKpUwy">The extracted information from the software component isn't correct and a wrong library was identified (for example, due to wrong information in the<SPAN>&nbsp;</SPAN><CODE class="sc-cwHptR dSjKiw sc-jEACwC bbjJsP" data-testid="code">pom.xml</CODE><SPAN>&nbsp;</SPAN>file).</LI> <LI class="sc-ikkxIA cKpUwy"> <P class="sc-cwHptR exAGXd" data-testid="text">The identified version of the library has a version string (or a well-known identifier) that was incorrectly parsed or compared. If you see any false positive results, please open a support ticket to help us improve Application Security monitoring.</P> </LI> <LI class="sc-ikkxIA cKpUwy">A vulnerability in a certain library is only exploitable if used in combination with a particular runtime version, but the application with the library is run using a different runtime version. You can mute the vulnerability for the process groups where a different runtime version is used.</LI> <LI data-stringify-indent="0" data-stringify-border="1">The application uses string caches which might lead to false-positive attacks and code-level vulnerabilities.</LI> </UL> </DIV> <P class="sc-cwHptR exAGXd sc-dAbbOL erszSe sc-3b06fd1c-0 ivrEIu" data-testid="paragraph">For more information on how to identify false positives, query the relevant process for information via API, and mute false positives, see<SPAN>&nbsp;</SPAN><A class="sc-eDPEul hkhbXm sc-2d500c67-0 sc-68987768-1 gPHVzu bsktS" href="https://dt-url.net/id0346x" target="_blank" rel="noopener noreferrer" data-testid="external-link">Reported vulnerability is considered as a false positive</A>.</P> </DIV> Thu, 21 Mar 2024 19:20:00 GMT TeoMoldovanu 2024-03-21T19:20:00Z https://community.dynatrace.com/t5/Troubleshooting/False-positive-results-for-vulnerabilities/ta-p/229343 <DIV class="lia-message-template-content-zone"> <P class="sc-cwHptR exAGXd sc-dAbbOL erszSe sc-3b06fd1c-0 ivrEIu" data-testid="paragraph">A vulnerability might be identified incorrectly. Possible reasons for false positives include:</P> <DIV class="sc-6646062a-0 ivCgmd"> <UL class="sc-gFqAkR iImZDA"> <LI class="sc-ikkxIA cKpUwy">The extracted information from the software component isn't correct and a wrong library was identified (for example, due to wrong information in the<SPAN>&nbsp;</SPAN><CODE class="sc-cwHptR dSjKiw sc-jEACwC bbjJsP" data-testid="code">pom.xml</CODE><SPAN>&nbsp;</SPAN>file).</LI> <LI class="sc-ikkxIA cKpUwy"> <P class="sc-cwHptR exAGXd" data-testid="text">The identified version of the library has a version string (or a well-known identifier) that was incorrectly parsed or compared. If you see any false positive results, please open a support ticket to help us improve Application Security monitoring.</P> </LI> <LI class="sc-ikkxIA cKpUwy">A vulnerability in a certain library is only exploitable if used in combination with a particular runtime version, but the application with the library is run using a different runtime version. You can mute the vulnerability for the process groups where a different runtime version is used.</LI> <LI data-stringify-indent="0" data-stringify-border="1">The application uses string caches which might lead to false-positive attacks and code-level vulnerabilities.</LI> </UL> </DIV> <P class="sc-cwHptR exAGXd sc-dAbbOL erszSe sc-3b06fd1c-0 ivrEIu" data-testid="paragraph">For more information on how to identify false positives, query the relevant process for information via API, and mute false positives, see<SPAN>&nbsp;</SPAN><A class="sc-eDPEul hkhbXm sc-2d500c67-0 sc-68987768-1 gPHVzu bsktS" href="https://dt-url.net/id0346x" target="_blank" rel="noopener noreferrer" data-testid="external-link">Reported vulnerability is considered as a false positive</A>.</P> </DIV> Thu, 21 Mar 2024 19:20:00 GMT https://community.dynatrace.com/t5/Troubleshooting/False-positive-results-for-vulnerabilities/ta-p/229343 TeoMoldovanu 2024-03-21T19:20:00Z