Vulnerability found in jQuery 1.7.1 for Automic Web Interface (AWI)

Article ID: 142640

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

Multiple vulnerabilities have been identified.

 

Usage of vulnerable component jQuery (1.7.1)

The application is using a vulnerable version of jQuery (1.7.1), which might be vulnerable to XSS.

https://snyk.io/vuln/npm:jquery:20120206

https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-235564/Jquery-Jquery-1.7.1.html

Automic Web Interface Version: Automic Web Interface 12.2.4.GA01-dev-feature-12.2.4-GA01-92808

Third Party License Information:

The MIT License http://opensource.org/licenses/MIT THIRD-PARTY-LICENSES/MIT.html
- jcl-over-slf4j-1.7.16.jar, Copyright 2004-2013 QOS.ch
- jsoup-1.8.3.jar, Copyright 2009-2015 Jonathan Hedley
- jul-to-slf4j-1.7.16.jar, Copyright 2004-2013 QOS.ch
- osgi-over-slf4j-1.7.7.jar, Copyright 2004-2013 QOS.ch
- slf4j-api-1.7.16.jar, Copyright 2004-2016 QOS.ch
- vaadin-slf4j-jdk14-1.6.1.jar, Copyright 2004-2013 QOS.ch
- SWFObject-v2.2, Copyright 2009 Bobby van der Sluis
- jQuery-1.7.1, Copyright 2015 The jQuery Foundation
- CodeMirror-5.4.0, Copyright 2015 by Marijn Haverbeke and others
- Scroll Width Polyfill version 1.1, Copyright 2016 Greg Whitworth, GitHub: https://github.com/gregwhitworth/scrollWidthPolyfill
- diff2html-2.3.3, Copyright 2014-2016 Rodrigo Fernandes

 

Environment

Release : 12.2

Component : AUTOMATION ENGINE

Resolution

Upgrade to AWI 12.3