A Penetration test has identified and It is recommended that the version of jQuery in use on CA Spectrum application be updated in order to mitigate the risk of publicly known vulnerabilities in jQuery affecting the target application.

Release : 10.4.2.1

Component : Spectrum Core / SpectroSERVER

We use jQuery in Service Desk Integration NIM (3.2.0.314) which is part of Spectrum 10.4.2.1.

Jquery will be updated to 3.5.1 in November 2020 to be tracked under US709282: NIM Upgrade - SNOW-Paris and added to Spectrum in a future release.

Vulnerability for Jquery was validated here

 Jquery Vulnerability