The jQuery embedded in WCC is vulnerable to Cross Site Scripting (XSS) and HTTP Pollution.

search cancel

The jQuery embedded in WCC is vulnerable to Cross Site Scripting (XSS) and HTTP Pollution.

book

Article ID: 224677

calendar_today

Updated On:

Products

CA Workload Automation AE

Issue/Introduction

Vulnerability Description:
"The jQuery version 2.1.0 is vulnerable to Cross Site Scripting (XSS), HTTP Pollution. An adversary may use this to carry further attacks and gain complete access over network"

Environment

Release : 11.4 SP6

Component : WORKLOAD CONTROL CENTER

Resolution

The reported vulnerability is fixed in jQuery version 3.5.0 which installs with WCC version R12.0

So upgrade to WCC R12 version to fix the vulnerability.

Feedback

thumb_up Yes

thumb_down No