A security scan may report that a Symantec Siteminder Access Gateway server is running an older version of JQuery, and may flag a vulnerability in that version.
PRODUCT: Symantec Siteminder
COMPONENT: Access Gateway
VERSION: r12.6 - r12.8.8.1
OPERATING SYSTEM: Any
Siteminder Access Gateway ships with the following versions of JQuery:
r12.8.6: JQuery v3.5.1
r12.8.6a: JQuery v3.5.1
r12.8.7: JQuery v3.6.0
r12.8.8: JQuery v3.6.x
r12.8.8.1: JQuery v3.6.3
JQuery is installed in the following path on Siteminder Access Gateway:
WINDOWS: \<Install_Dir>\secure-proxy\proxy-engine\...
LINUX: /<Install_Dir>/secure-proxy/proxy-engine/...
The last published vulnerability for JQuery v3.x.x was:
CVE-2020-23064 "Vulnerable to Cross-site Scripting (XSS) Passing HTML containing <option> elements from untrusted sources"
Impacted: 3.4.1 and older
Remediated: 3.5.0 and higher.
There are no CVEs published for JQuery version 3.5.0 and higher. There are no versions of JQuery on any Siteminder component associated with a published CVE.
If a newer version of JQuery is required, the recommendation is to upgrade to the most recent version of Siteminder Access Gateway.
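To check a scanner finding against the files actually on disk, the following added example (not part of the original article and not Broadcom tooling) walks a directory you pass in, such as the proxy-engine path above, reads the version banner from each .js file, and compares it with the 3.5.0 remediation threshold. The script name, the banner patterns and the 4096-byte read window are assumptions of this example.

```python
import os
import re
import sys

# Banner forms found at the top of jQuery core builds:
#   minified:      /*! jQuery v3.5.1 | (c) JS Foundation and other contributors ...
#   uncompressed:   * jQuery JavaScript Library v3.5.1
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)")
REMEDIATED = (3, 5, 0)  # per the article: CVE-2020-23064 is remediated in 3.5.0 and higher


def scan_jquery(root):
    """Walk root and return sorted (path, version, remediated) tuples for jQuery core files."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".js"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)  # assumption: the banner is in the leading comment
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            match = BANNER.search(head)
            if match:
                version = tuple(int(part) for part in match.groups())
                found.append((path, version, version >= REMEDIATED))
    return sorted(found)


def main(argv):
    if len(argv) != 2:
        print("usage: check_jquery.py <proxy-engine directory>", file=sys.stderr)
        return 2
    results = scan_jquery(argv[1])
    for path, version, ok in results:
        status = "OK" if ok else "OLDER THAN 3.5.0"
        print("%s  v%d.%d.%d  %s" % ((path,) + version + (status,)))
    if not results:
        print("no jQuery banner found under " + argv[1])
    # Exit status 1 when any copy predates the remediated release.
    return 0 if all(ok for _, _, ok in results) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Plugin files such as jQuery UI carry a different banner and are not matched, so only jQuery core versions are reported.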