Are SMA 100 series appliances vulnerable to jQuery vulnerabilities?
03/26/2020
Are SRA / SMA 100 series appliances vulnerable to CVE-2011-4969, CVE-2012-6708 and CVE-2015-9251?
CVE-2011-4969: XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CVE-2012-6708: jQuery before 1.9.0 is vulnerable to XSS attacks.
Our SMA 100 series appliances use a patched jQuery 1.4.2 and have mechanisms to prevent XSS attacks, so it is confirmed that our SMA 100 series appliances are not vulnerable.
NOTE: The jQuery patch was included from 220.127.116.11 and 18.104.22.168 onwards. Refer to: SMB SSL-VPN - Does the jQuery vulnerability (CVE-2011-4969) affects SRA/SMA devices?
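
CVE-2011-4969 depends on page code passing location.hash to the jQuery selector function, so reviewing your own portal customizations for that call pattern is a useful complement to checking the library version. The following is an added example, not SonicWall code: the function names are hypothetical and the sample lines are constructed.

```javascript
// Added example (not SonicWall code); sample input below is constructed.

// Call pattern behind CVE-2011-4969: the URL fragment is handed directly to
// the jQuery selector function, e.g. $(location.hash).
// Heuristic only: it sees direct calls on one line, not a fragment that is
// first copied into a variable.
const HASH_INTO_JQUERY =
  /(?:\$|jQuery)\(\s*(?:(?:window|document)\.)?location\.hash\b/;

// Return the 1-based line numbers where location.hash is passed to $()/jQuery().
function findHashSelectorCalls(source) {
  const hits = [];
  source.split(/\r?\n/).forEach((line, i) => {
    if (HASH_INTO_JQUERY.test(line)) hits.push(i + 1);
  });
  return hits;
}

// Hardened replacement for the flagged calls: accept the fragment only when it
// is a plain element id, and return that id for document.getElementById()
// instead of building a selector string from it.
function idFromHash(hash) {
  const m = /^#([A-Za-z][A-Za-z0-9_:.-]*)$/.exec(String(hash));
  return m ? m[1] : null;
}

// Constructed sample of page script to audit.
const SAMPLE = [
  'var tab = $(location.hash);',
  'var el = document.getElementById(idFromHash(location.hash));',
  'jQuery( window.location.hash ).show();',
  '$("#" + name).hide();',
].join("\n");

console.log("flagged lines:", findHashSelectorCalls(SAMPLE));
console.log("accepted id:", idFromHash("#tab-2"));
```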