ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
The jQuery embedded in WCC is vulnerable to Cross Site Scripting (XSS) and HTTP Pollution.
Article ID: 224677
Updated On:
Products
CA Workload Automation AE
Issue/Introduction
Vulnerability Description:
"The jQuery version 2.1.0 is vulnerable to Cross Site Scripting (XSS), HTTP Pollution. An adversary may use this to carry further attacks and gain complete access over network"
Environment
Release : 11.4 SP6
Component : WORKLOAD CONTROL CENTER
Resolution
The reported vulnerability is fixed in jQuery version 3.5.0 which installs with WCC version R12.0
So upgrade to WCC R12 version to fix the vulnerability.
Feedback
Yes
No
Powered by
