PAM  4.2.0 and lower than versions are using RequireJs version 2.1.6.

PAM 4.2.0 and lower versions

Customers using 4.2.0 and lower versions found the library to be an old version (2.1.6) and that they think it should be upgraded to a more modern and secure version.

PAM 4.2.1 is published with the most current version of the requirejs module available (version 2.3.7) on the date PAM 4.2.1 was released.

To check version of requires.js is in use follow the following steps using a browser. In this example is MS Edge:

1. open PAM page using https://<pam-ip-address>/cspm/home
2. Press F12 to open Edge Developer Tool
3. Navigate in Developer tool to Applications and expand the Frames under top -> JavaScript -> click over require.js. This will show in the left panel the code of requirejs version = '2.1.6'.
4. The version 2.1.6 is outdated and vulnerable because this PAM 4.2.1 received a more recent version of requirejs being 2.3.7