Solved

jQuery version 2.1.3 used for webconsole SP20

  • 17 June 2021
  • 5 replies
  • 76 views

Userlevel 1
Badge +1

hi,

 

a customer did a security scan on there network.

and it came back with the following incident:


CPE:               cpe:/a:jquery:jquery:2.1.3
Installed version: 2.1.3
Location/URL:      https://hostame/webconsole/common/js
EOL version:       2
EOL date:          unknown
 

this version is very old, and flagged as out of support.

the customer was wondering when this will be updated to a newer version.

and how we would upgrade the version.

 

kind Regards,

Thos​ Gieskes.​​​​​​

icon

Best answer by Blaine Williams 18 June 2021, 07:42

Hi Thos, 

It appears it is only being flagged due to being out off support and some medium vulnerabilities. The risk is not high. 

The first changes are targeted for 11.25 (subject to change due to testing etc...). 

I hope that helps answers you questions. 

View original

5 replies

Userlevel 4
Badge +8

Hi Thos. 

I am just confirming with our development team here as it looks like we are pivoting away from jquery. 

I will update in the next couple of days. 

 

Userlevel 4
Badge +8

Hi Thos, 

I have been discussing this with development and we are not technically pivoting away from jquery. We are however working on migrating the functionalities from webconsole to the command centre which is not using the older version of jquery and thus removing the vulnerability. 

 

Userlevel 1
Badge +1

HI @Blaine Williams , 

 

thanks for the update.

the customer is worried about it because it came up in an security scan as the highest level of insecurity (5/5).

can you say if there is an eta on this?

or are there any details on how vulnerable this is?

Thanks!

Userlevel 4
Badge +8

Hi Thos, 

It appears it is only being flagged due to being out off support and some medium vulnerabilities. The risk is not high. 

The first changes are targeted for 11.25 (subject to change due to testing etc...). 

I hope that helps answers you questions. 

Badge

@Thos Gieskes,  I have the Commvault 11.20.46 running in my environment and it already has jQuery 3.4.1 installed. In my case, to fix these security issues found by vulnerabilities scans, I just renamed the file X:\Program Files\Commvault\ContentStore\WebConsole\common\js\jquery-3.4.1.min.js to jquery.min.js, replacing the older version of jQuery. After that, I have been using the webconsole with no problems.

 

 

Reply