A06:2021 - Vulnerable and outdated components

Official Content
This documentation is valid for:

Vulnerable Components are a known issue concerning the security of applications. Below you can find a guideline of the actions to solve these vulnerabilities.

Read more at: Vulnerable and Outdated Components - OWASP Documentation

Actions by GeneXus

  • GeneXus uses a set of public standard classes. You can find them here: GeneXus Standard Classes

  • GeneXus updates its dependencies on every release.

  • GeneXus fixes known vulnerabilities on its releases.

Actions by Developers

  • Upgrade to the latest GeneXus version.

  • Verify third-party components used against known vulnerabilities in databases, mailing lists, etc.

  • Check for User Controls, Extensions, Patterns and External object dependencies.     

    • Security Scanner helps to detect this scenario with case codes #120 & #121.    

  • Change the database driver to the latest on deployment.

  • Verify the server software is up to date.

  • Implement security policies.


Since GeneXus 18 upgrade 1.