Remediating vulnerability with the following JS code vulnerability JQuery 1.2 < 3.5.0 Multiple XSS
Article ID: 256833
Updated On:
Products
Issue/Introduction
This issue is related to IGA Suite Vapp 14.4.1 on AWS
Finding
|
NEEDS REMEDIATION: MEDIUM(>60 days) |
<plugin_output> |
ip-172-28-171-96.aci.is.cl.ssa.gov |
Exploits are available |
172.28.171.96 |
Ubuntu 16.04 Linux Kernel 4.4 |
917 |
136929 |
JQuery 1.2 < 3.5.0 Multiple XSS |
1590667200 |
443 |
11/29/2022 22:07 |
medium |
Upgrade to JQuery version 3.5.0 or later. |
Specific file impacted: /opt/CA/VirtualAppliance/webapp/client/js/jquery.min.js
Installed version with the VAPP is - 2.2.4
https://172.28.171.96/client/js/jquery.min.js
/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */
"<plugin_output>
URL : https://166.28.166.96/client/js/jquery.min.js
Installed version : 2.2.4
Need to be fixed with the following version
Fixed version : 3.5.0 or later.
We upgraded the OS patches, which didn’t fix the issues.
Environment
Release : 14.4 Virtual appliance deployed on Amazon Web Services (AWS).
Resolution
Here is the list of security fixes Amazon provides and anybody could subscribe to this.
https://alas.aws.amazon.com/alas2.html
In this case, the OS is managed by AWS and you will have to wait for AWS to provide the security update.
UpdateManager is handled by AWS itself and updates packages itself without any control from vApp.
Feedback
