search cancel

Autosys/WCC/EEM jQuery XSS Vulnerability

book

Article ID: 190608

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) Workload Automation Agent CA Workload Automation AE

Issue/Introduction

We received a notification from our security team about a jQuery XSS vulnerability. 

Can you tell us if Autosys/WCC/EEM are impacted by this? 

If so, we will need to address this issue.  

"A high priority Cross-Site Scripting vulnerability was recently addressed in the newly released jQuery 3.5.0:

 

"...jQuery used a regex in its jQuery.htmlPrefilter method to ensure that all closing tags were XHTML-compliant when passed to methods. For example, this prefilter ensured that a call like jQuery("<div class='hot' />") is actually converted to jQuery("<div class='hot'></div>"). Recently, an issue was reported that demonstrated the regex could introduce a cross-site scripting (XSS) vulnerability."

Environment

Release : 11.3.6

Component : WORKLOAD CONTROL CENTER

Resolution

For WCC the issue is addressed in r12.
For AE (AutoSys) and EEM (Embedded Entitlements Manager) they do not use jquery so there is no impact.

Powered by Wolken Software