Are SMA 100 series appliances vulnerable to jQuery vulnerabilities?
03/26/2020 9 People found this article helpful 94,398 Views
Are SRA / SMA 100 series appliances vulnerable to CVE-2011-4969 , CVE-2012-6708 and CVE-2015-9251?
CVE-2011-4969: XSS vulnerability in jQuery before 1.6.3, when using location.hash elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CVE-2012-6708: jQuery before 1.9.0 is vulnerable to XSS attacks.
Our SMA 100 series appliances uses jQuery 1.4.2 patched and has mechanisms to prevent XSS attack. So, it is confirmed that our SMA 100 series appliances are not vulnerable.
NOTE: jQuery patch was included from 22.214.171.124 and 126.96.36.199 onwards. Refer: SMB SSL-VPN - Does the jQuery vulnerability (CVE-2011-4969) affects SRA/SMA devices?
Was This Article Helpful?