Addressing jQuery 2.2.4 Vulnerability in Vaap 14.5.1 CHF001
search cancel

Addressing jQuery 2.2.4 Vulnerability in Vaap 14.5.1 CHF001

book

Article ID: 386953

calendar_today

Updated On: 01-31-2025

Products

CA Identity Suite

Issue/Introduction

The current implementation of Virtual Appliance 14.5.1 CHF001 utilizes jQuery version 2.2.4, which has known security vulnerabilities that need addressing to prevent potential exploitation. Clients operating within contexts (e.g., secure environments) should aim to keep their frameworks up to date to mitigate vulnerabilities.

Environment

Virtual Appliance 14.5.1 CHF001 under VMware Platform

Resolution

  • Major Version Update: Resolving this vulnerability necessitates a significant upgrade, which affects multiple components linked to the main login page.

  • Component Rewrites: Some components require complete rewrites due to the lack of available updates.

Given the medium-risk classification, priority has been reallocated to address more critical issues first.

Consequently, this vulnerability is scheduled to be resolved in the next release of the Identity Suite.