API Portal : Jquery 2.2.4?CVE-2015-9251?

Article Id: 128839
Status: Published
Updated On: 05-03-2019 17:31
Products:
CA API Developer Portal , CA API Gateway
Issue/Introduction:



API Portal3.5 CR9

Does API Portal take the influence of the security vulnerability? 
・CVE-2015-9251 

If so, is the fix included in the product? 
Or, can the customer upgrade Jquery individually? 
Jquery 2.2.4 -> Jquery 3.x 

CVE-2015-9251 is published in 2018/1. 
It is before the release of API Portal 3.5 CR9. 
If API Gateway uses Jquery, why was a vulnerable version adopted?

Environment:

Release:
Component: APIPRD

Resolution:

This vulnerability only exists when cross domain ajax requests are made.
The API Portal does not make cross domain ajax requests, and is not affected.