Remediating vulnerability with the following JS code vulnerability JQuery 1.2 < 3.5.0 Multiple XSS

Article ID: 256833


Products

CA Identity Suite

Issue/Introduction

This issue is related to IGA Suite Vapp 14.4.1 on Amazon Web Services (AWS)

Finding

The vulnerability scanner flags jQuery 2.2.4, which falls inside the affected range (1.2 and later, before 3.5.0) for multiple cross-site scripting (XSS) issues.

Specific file impacted: /opt/CA/VirtualAppliance/webapp/client/js/jquery.min.js

Installed version shipped with the vApp: 2.2.4

The file is served at https://xxxx.xx.xxx.xx/client/js/jquery.min.js and its build header identifies the version:

/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */

Scanner plugin output:

  URL               : https://xxxx.xx.xxx.xx/client/js/jquery.min.js

  Installed version : 2.2.4

  Fixed version     : 3.5.0 or later.

The scanner keys off the version banner in that header, so the finding is only cleared once the served file reports 3.5.0 or later.

We upgraded the OS patches, which didn’t fix the issues.

Environment

Release : 14.4 Virtual appliance deployed on Amazon Web Services (AWS).

Resolution

Amazon publishes the security fixes it provides for Amazon Linux in the Amazon Linux Security Center (ALAS); anyone can subscribe to these advisories:

      https://alas.aws.amazon.com/alas2.html

In this case the OS is managed by AWS, and you will have to wait for AWS to provide the security update.

Package updates are applied by the AWS-managed update mechanism itself, without any control from the vApp.
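To confirm whether an update actually replaced the flagged file, the following script is an added example (not part of this article or of the CA Identity Suite vApp) that reads the jQuery build header from every jquery*.js file under a directory and flags versions older than the 3.5.0 the scanner requires. It assumes each file carries the standard "/*! jQuery vX.Y.Z ..." header, as the minified file quoted above does; the demo files it creates are constructed, not the appliance's own.

```shell
#!/bin/sh
# Added example, not part of the Broadcom/CA article: report the jQuery
# version embedded in every jquery*.js file under a directory and flag any
# version older than the fixed release the scanner asks for (3.5.0).
# Assumption: each file carries jQuery's build header "/*! jQuery vX.Y.Z ...",
# as the minified file quoted on this page does.

FIXED_VERSION="3.5.0"

# Print the version from the build header of the jQuery file $1, or "unknown".
# The header sits within the first lines of a minified build, so only those are read.
jquery_version() {
    v=$(sed -n '1,3s/.*jQuery v\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1)
    if [ -n "$v" ]; then
        printf '%s\n' "$v"
    else
        printf 'unknown\n'
    fi
}

# Succeed (exit 0) when dotted version $1 is numerically older than $2, so that
# 3.10.0 sorts after 3.5.0 (a plain string comparison would get this wrong).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Walk directory $1 and print "<path> <version> <status>" for each jquery*.js,
# where status is VULNERABLE (older than FIXED_VERSION), OK, or UNKNOWN.
scan_dir() {
    find "$1" -type f -name 'jquery*.js' | while read -r f; do
        v=$(jquery_version "$f")
        if [ "$v" = "unknown" ]; then
            status="UNKNOWN"
        elif version_lt "$v" "$FIXED_VERSION"; then
            status="VULNERABLE"
        else
            status="OK"
        fi
        printf '%s %s %s\n' "$f" "$v" "$status"
    done
}

# Demo on constructed files in a temporary directory (not the appliance's real
# file). On the appliance, point scan_dir at /opt/CA/VirtualAppliance/webapp/client/js.
demo() {
    d=$(mktemp -d)
    printf '/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */\n!function(){}();\n' > "$d/jquery.min.js"
    printf '/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */\n' > "$d/jquery-3.6.0.min.js"
    scan_dir "$d"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run it with --demo to see the output format, or call scan_dir against the webapp directory after each update round. Because the scanner reads the banner of the file the web server actually serves, also fetch https://xxxx.xx.xxx.xx/client/js/jquery.min.js and check its first line; a patched file on disk behind an unpatched copy elsewhere on the path still leaves the finding open.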