API Portal : Jquery 2.2.4?CVE-2015-9251?

book

Article ID: 128839

calendar_today

Updated On:

Products

CA API Developer Portal CA API Gateway

Issue/Introduction



API Portal3.5 CR9

Does API Portal take the influence of the security vulnerability? 
・CVE-2015-9251 

If so, is the fix included in the product? 
Or, can the customer upgrade Jquery individually? 
Jquery 2.2.4 -> Jquery 3.x 

CVE-2015-9251 is published in 2018/1. 
It is before the release of API Portal 3.5 CR9. 
If API Gateway uses Jquery, why was a vulnerable version adopted?

Environment

Release:
Component: APIPRD

Resolution

This vulnerability only exists when cross domain ajax requests are made.
The API Portal does not make cross domain ajax requests, and is not affected.