
Remediating the jQuery 1.2 < 3.5.0 Multiple XSS vulnerability finding


Article ID: 256833


Products

CA Identity Suite

Issue/Introduction

This issue is related to IGA Suite vApp 14.4.1 on AWS.

Finding

NEEDS REMEDIATION:  MEDIUM(>60 days)

<plugin_output>
  URL               : https://166.28.166.96/client/js/jquery.min.js
  Installed version : 2.2.4
  Fixed version     : 3.5.0
</plugin_output>

ip-172-28-171-96.aci.is.cl.ssa.gov

Exploits are available

172.28.171.96

 

Ubuntu 16.04 Linux Kernel 4.4

917

136929

JQuery 1.2 < 3.5.0 Multiple XSS

1590667200

443

11/29/2022 22:07

medium

Upgrade to JQuery version 3.5.0 or later.

 

Specific file impacted: /opt/CA/VirtualAppliance/webapp/client/js/jquery.min.js

Version installed with the vApp: 2.2.4

https://172.28.171.96/client/js/jquery.min.js

/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */

<plugin_output>
  URL               : https://166.28.166.96/client/js/jquery.min.js
  Installed version : 2.2.4
</plugin_output>

Needs to be fixed with the following version:

  Fixed version     : 3.5.0 or later.

We upgraded the OS patches, which didn’t fix the issues.

Environment

Release: 14.4 virtual appliance deployed on Amazon Web Services (AWS).

Resolution

Amazon publishes the list of security fixes it provides, and anyone can subscribe to it:

      https://alas.aws.amazon.com/alas2.html

In this case, the OS is managed by AWS, and you will have to wait for AWS to provide the security update.

UpdateManager is handled by AWS itself and updates packages on its own, without any control from the vApp.
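
To confirm after any update whether the flagged file has actually changed, the version can be read locally from the banner comment shown in the issue description. The script below is an added example, not Broadcom's or the scanner's code; it assumes jQuery copies are named `jquery*.js` and carry a banner of the form shown above, and the function names are illustrative.

```sh
# Added example: find jQuery copies and read the version from each banner.
# The flagged range (1.2 <= version < 3.5.0) is the one named in the finding.

# Print the version from a banner such as
#   /*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */
# Prints nothing when the first 2 KB of the file hold no such banner.
jquery_banner_version() {
    head -c 2048 "$1" |
        grep -a -o -E 'jQuery (JavaScript Library )?v[0-9]+\.[0-9]+(\.[0-9]+)?' |
        head -n 1 | sed 's/.* v//'
}

# Succeed when dotted version $1 is numerically lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Succeed when version $1 falls inside the range the finding covers.
in_finding_range() {
    ! version_lt "$1" 1.2 && version_lt "$1" 3.5.0
}

# Report every jquery*.js below directory $1 (paths without newlines assumed).
# Returns 1 when at least one copy is inside the flagged range.
audit_jquery() {
    find "$1" -type f -name 'jquery*.js' | (
        rc=0
        while IFS= read -r f; do
            v=$(jquery_banner_version "$f")
            if [ -z "$v" ]; then
                echo "UNKNOWN  $f (no version banner)"
            elif in_finding_range "$v"; then
                echo "FLAGGED  $f (jQuery $v)"; rc=1
            else
                echo "OK       $f (jQuery $v)"
            fi
        done
        exit "$rc"
    )
}
# Usage: sh audit-jquery.sh /opt/CA/VirtualAppliance/webapp
if [ "$#" -gt 0 ]; then audit_jquery "$1"; fi
```

A file reported as `UNKNOWN` has no recognizable banner and needs manual inspection; it is not evidence of a fixed version.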