Are SMA 100 series appliances vulnerable to jQuery vulnerabilities?
03/26/2020 6 6682
Are SRA / SMA 100 series appliances vulnerable to CVE-2011-4969 , CVE-2012-6708 and CVE-2015-9251?
CVE-2011-4969: XSS vulnerability in jQuery before 1.6.3, when using location.hash elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CVE-2012-6708: jQuery before 1.9.0 is vulnerable to XSS attacks.
Our SMA 100 series appliances uses jQuery 1.4.2 patched and has mechanisms to prevent XSS attack. So, it is confirmed that our SMA 100 series appliances are not vulnerable.
NOTE: jQuery patch was included from 184.108.40.206 and 220.127.116.11 onwards. Refer: SMB SSL-VPN - Does the jQuery vulnerability (CVE-2011-4969) affects SRA/SMA devices?