The jQuery embedded in WCC is vulnerable to Cross Site Scripting (XSS) and HTTP Pollution.

book

Article ID: 224677

calendar_today

Updated On:

Products

CA Workload Automation AE

Issue/Introduction

Vulnerability Description:
"The jQuery version 2.1.0 is vulnerable to Cross Site Scripting (XSS), HTTP Pollution. An adversary may use this to carry further attacks and gain complete access over network"

Environment

Release : 11.4 SP6

Component : WORKLOAD CONTROL CENTER

Resolution

The reported vulnerability is fixed in jQuery version 3.5.0 which installs with WCC version R12.0 

So upgrade to WCC R12 version to fix the vulnerability.