ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
The jQuery embedded in WCC is vulnerable to Cross Site Scripting (XSS) and HTTP Pollution.
book
Article ID: 224677
calendar_today
Updated On:
Products
CA Workload Automation AE
Issue/Introduction
Vulnerability Description: "The jQuery version 2.1.0 is vulnerable to Cross Site Scripting (XSS), HTTP Pollution. An adversary may use this to carry further attacks and gain complete access over network"
Environment
Release : 11.4 SP6
Component : WORKLOAD CONTROL CENTER
Resolution
The reported vulnerability is fixed in jQuery version 3.5.0 which installs with WCC version R12.0
So upgrade to WCC R12 version to fix the vulnerability.