Main Menu
SonicWall
  • Products
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Secure SD-WAN
      • Security Services
      • Network Security Management
      • SonicProtect Subscription
    • Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Networking & Access
      • Switches
      • Access Points
      • Outdoor Access Points
      • Zero Trust Access On-Premise (SMA)
      • Wireless Network Manager
    • Secure Service Edge
      • Cloud Secure Edge
      • Secure Private Access
      • Secure Internet Access
    • XDR & Managed XDR
      • Managed Endpoint Detection & Response
      • Cloud Detection & Response
      • Network Detection & Response
      • Capture Client
      • Capture Advanced Threat Protection (ATP)
    • SonicPlatform

      SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.

      Discover More
      • All Products A–Z
      Free Trials
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State Government
      • Local Government
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Widgets
      • Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Service Providers
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Technical Certification Training
    • Widgets
      • Content Widgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Cloud Secure Edge Docs
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Widgets
      • Content Widgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Image Widgets
  • Company
    • Company
      • Newsroom
      • Awards
      • Leadership
      • Press Kit
      • Careers
    • Promotions
      • SonicWall Promotions
      • Customer Loyalty Program
    • Managed Services
      • Managed Security Services
      • Security as a Service
      • Professional Services
  • Promotions
    • SonicWall Promotions
    • Customer Loyalty Program
  • Managed Services
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Us
  • English English English en
  • Partner Portal
  • Resources
  • Blog
  • Events
  • en
    • English
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • SonicPlatform

      SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.

      Discover More
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Secure SD-WAN
      • Security Services
      • Network Security Management
      • SonicProtect Subscription
    • Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Networking & Access
      • Switches
      • Access Points
      • Outdoor Access Points
      • Zero Trust Access On-Premise (SMA)
      • Wireless Network Manager
    • Secure Service Edge
      • Cloud Secure Edge
      • Secure Private Access
      • Secure Internet Access
    • XDR & Managed XDR
      • Managed Endpoint Detection & Response
      • Cloud Detection & Response
      • Network Detection & Response
      • Capture Client
      • Capture Advanced Threat Protection (ATP)
  • Solutions
    • Federal

      Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      Learn More
      Federal

      Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      Learn More
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State Government
      • Local Government
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
  • Partners
    • Partner Portal

      Access to deal registration, MDF, sales and marketing tools, training and more

      Learn More
      Partner Portal

      Access to deal registration, MDF, sales and marketing tools, training and more

      Learn More
    • SonicWall Partners
      • Partners Overview
      • Service Providers
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Technical Certification Training
  • Support
    • Support Portal

      Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      Learn More
      Support Portal

      Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      Learn More
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Cloud Secure Edge Docs
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
  • Company
    • Company
      • Newsroom
      • Awards
      • Leadership
      • Press Kit
      • Careers
    • Promotions
      • SonicWall Promotions
      • Customer Loyalty Program
    • Managed Services
      • Managed Security Services
      • Security as a Service
      • Professional Services
  • Contact Us

Are SMA 100 series appliances vulnerable to jQuery vulnerabilities?

03/26/2020 10 People found this article helpful 481,018 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Are SRA / SMA 100 series appliances vulnerable to CVE-2011-4969 , CVE-2012-6708 and CVE-2015-9251?

    Cause

    CVE-2011-4969: XSS vulnerability in jQuery before 1.6.3, when using location.hash elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

    CVE-2012-6708: jQuery before 1.9.0 is vulnerable to XSS attacks.

    CVE-2015-9251: jQuery before 3.0.0 is vulnerable to XSS attacks when a cross-domain Ajax request is performed without the dateType option, causing text/javascript responses to be executed.

    Resolution

    Our SMA 100 series appliances uses jQuery 1.4.2 patched and has mechanisms to prevent XSS attack. So, it is confirmed that our SMA 100 series appliances are not vulnerable.

    NOTE: jQuery patch was included from 8.1.0.4 and 8.5.0.1 onwards. Refer: SMB SSL-VPN - Does the jQuery vulnerability (CVE-2011-4969) affects SRA/SMA devices?

     

    ISSUE ID:

    211022

    Related Articles

    • How to Set Timeout for Inactive Tunnel Connections
    • Commands for silent installation of NetExtender via CMD line
    • Users on Netextender 10.3.0 version failing to connect with the following error message " Cannot get a response from the server "

    Categories

    • Secure Mobile Access > SMA 100 Series > Vulnerabilities

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    • Hidden

    Article Not Helpful Form

    • Hidden
    Follow Us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2024 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs
    Subscribe to newsletter

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • This field is for validation purposes and should be left unchanged.
    Scroll to top