API Portal : Jquery 2.2.4?CVE-2015-9251?
Article ID: 128839
CA API Developer Portal
CA API Gateway
API Portal3.5 CR9
Does API Portal take the influence of the security vulnerability?
If so, is the fix included in the product?
Or, can the customer upgrade Jquery individually?
Jquery 2.2.4 -> Jquery 3.x
CVE-2015-9251 is published in 2018/1.
It is before the release of API Portal 3.5 CR9.
If API Gateway uses Jquery, why was a vulnerable version adopted?
This vulnerability only exists when cross domain ajax requests are made.
The API Portal does not make cross domain ajax requests, and is not affected.