BSI JQuery Vulnerabilities - CVE-2020-11023 & CVE-2020-11022

Article ID: 273182

Products

CA Business Service Insight

Issue/Introduction

According to the version string in the script, the version of jQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is therefore affected by multiple cross-site scripting vulnerabilities.

Environment

BSI 8.3.5.x

Resolution

In BSI, jQuery usage is very limited, and the BSI application uses no jQuery DOM manipulation APIs.

We sanitize both client-side and server-side requests before processing the data.

However, migration of jQuery to the latest version is planned as part of the next release of BSI (9.x), which is expected in the first half of 2025 (subject to change).
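
One way to check both points above on your own deployment, the reported version range and the absence of calls to jQuery DOM manipulation APIs, as an added example that is not Broadcom or BSI code. The method list, the sample banner and the sample application lines are assumptions constructed for illustration; the pattern match is a triage heuristic and also flags same-named native DOM or `FormData` calls.

```javascript
// Added example: audit helper for the finding above; not BSI product code.
const AFFECTED_MIN = [1, 2, 0]; // finding: version >= 1.2
const FIXED_IN = [3, 5, 0];     // finding: version prior to 3.5.0
// Assumption: jQuery DOM manipulation methods worth flagging for review.
const DOM_METHODS = ['html', 'append', 'prepend', 'before', 'after',
  'replaceWith', 'wrap', 'wrapAll', 'wrapInner', 'appendTo', 'prependTo',
  'insertBefore', 'insertAfter', 'replaceAll'];
const CALL = new RegExp('\\.(' + DOM_METHODS.join('|') + ')\\s*\\(', 'g');

// Read the version from the library's banner comment; null if absent.
function parseVersion(text) {
  const m = /jQuery(?: JavaScript Library)? v?(\d+)\.(\d+)(?:\.(\d+))?/.exec(text);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

function inAffectedRange(v) {
  const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
  return v !== null && cmp(v, AFFECTED_MIN) >= 0 && cmp(v, FIXED_IN) < 0;
}

// List calls that pass an argument to a DOM manipulation method.
// literalOnly marks a single constant string, which carries no untrusted HTML.
function findDomCalls(source) {
  const hits = [];
  source.split('\n').forEach((line, i) => {
    CALL.lastIndex = 0;
    let m;
    while ((m = CALL.exec(line)) !== null) {
      const rest = line.slice(CALL.lastIndex);
      if (/^\s*\)/.test(rest)) continue; // getter form such as .html()
      const literalOnly = /^\s*(['"])[^'"]*\1\s*\)/.test(rest);
      hits.push({ line: i + 1, method: m[1], literalOnly });
    }
  });
  return hits;
}

// Constructed sample input (not taken from BSI).
const sampleLib = '/*! jQuery v3.4.1 | (c) JS Foundation and other contributors */';
const sampleApp = [
  "var t = $('#title').html();",
  "$('#status').text(msg);",
  "$('#list').append('<li>static</li>');",
  "$('#out').html(resp.body).appendTo(panel);",
].join('\n');

console.log('affected version:', inAffectedRange(parseVersion(sampleLib)));
console.log(findDomCalls(sampleApp).filter((h) => !h.literalOnly));
```

Hits with `literalOnly: false` are the ones to trace back to their data source; an empty result across the application's own scripts is consistent with the statement that no DOM manipulation APIs are used.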