This issue is related to IGA Suite Vapp 14.4.1 on AWS
Finding
NEEDS REMEDIATION: MEDIUM(>60 days) |
<plugin_output> |
ip-172-28-171-96.aci.is.cl.ssa.gov |
Exploits are available |
172.28.171.96 |
Ubuntu 16.04 Linux Kernel 4.4 |
917 |
136929 |
JQuery 1.2 < 3.5.0 Multiple XSS |
1590667200 |
443 |
11/29/2022 22:07 |
medium |
Upgrade to JQuery version 3.5.0 or later. |
Specific file impacted: /opt/CA/VirtualAppliance/webapp/client/js/jquery.min.js
Installed version with the VAPP is - 2.2.4
https://172.28.171.96/client/js/jquery.min.js
/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */
"<plugin_output>
URL : https://166.28.166.96/client/js/jquery.min.js
Installed version : 2.2.4
Need to be fixed with the following version
Fixed version : 3.5.0 or later.
We upgraded the OS patches, which didn’t fix the issues.
Release : 14.4 Virtual appliance deployed on Amazon Web Services (AWS).
Here is the list of security fixes Amazon provides and anybody could subscribe to this.
https://alas.aws.amazon.com/alas2.html
In this case, the OS is managed by AWS and you will have to wait for AWS to provide the security update.
UpdateManager is handled by AWS itself and updates packages itself without any control from vApp.