
Dynatrace Helper
22 Nov 2023 12:10 PM - edited 14 Mar 2024 11:55 AM
A vulnerability might be identified incorrectly. Possible reasons for false positives include:
- The extracted information from the software component isn't correct and a wrong library was identified (for example, due to wrong information in the pom.xml file).
- The identified version of the library has a version string (or a well-known identifier) that was incorrectly parsed or compared. If you see any false positive results, please open a support ticket to help us improve Application Security monitoring.
- A vulnerability in a certain library is only exploitable if used in combination with a particular runtime version, but the application with the library is run using a different runtime version. You can mute the vulnerability for the process groups where a different runtime version is used.
- The application uses string caches which might lead to false-positive attacks and code-level vulnerabilities.
For more information on how to identify false positives, query the relevant process for information via API, and mute false positives, see Reported vulnerability is considered as a false positive.
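To illustrate the version-string case from the list above, here is an added example (not Dynatrace's matching logic) that a reviewer can use to check a reported version against an advisory's affected range. The function names, the simplified qualifier ordering and the sample versions are assumptions made for this illustration.

```python
import re

# Simplified Maven-style ordering (assumption): these qualifiers sort before
# the release. Unknown ones (Final, RELEASE, vendor tags) count as the release.
PRE_RELEASE = {"alpha": -5, "beta": -4, "m": -3, "rc": -2, "snapshot": -1}

def version_key(version):
    """Return a sortable (numbers, qualifier_rank) key for a version string."""
    nums, rank = [], 0
    for tok in re.split(r"[.\-_]", version.strip().lower()):
        if tok.isdigit():
            nums.append(int(tok))
        elif tok:
            letters = re.match(r"[a-z]*", tok).group()
            rank = PRE_RELEASE.get(letters, 0)
            break  # everything after the first qualifier is ignored
    while nums and nums[-1] == 0:  # 1.2.0 and 1.2 are the same release
        nums.pop()
    return (tuple(nums), rank)

def in_range(version, introduced, fixed):
    """True if introduced <= version < fixed under numeric comparison."""
    return version_key(introduced) <= version_key(version) < version_key(fixed)

def naive_in_range(version, introduced, fixed):
    """The buggy variant: plain string comparison of the same bounds."""
    return introduced <= version < fixed

def triage(version, introduced, fixed):
    """Classify a finding by comparing the naive and the numeric result."""
    naive = naive_in_range(version, introduced, fixed)
    real = in_range(version, introduced, fixed)
    if naive and not real:
        return "false positive"
    if real and not naive:
        return "missed"
    return "affected" if real else "not affected"

# Constructed findings: (detected version, first affected, first fixed).
SAMPLES = [("2.10.0", "2.0.0", "2.9.1"), ("2.9.1-rc1", "2.0.0", "2.9.1"),
           ("2.3.0", "2.0.0", "2.9.1"), ("3.0.0.Final", "2.0.0", "2.9.1")]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage(*sample))
```

String comparison ranks 2.10.0 below 2.9.1, which produces the false positive, and ranks 2.9.1-rc1 above 2.9.1, which hides a release candidate that is still affected.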