JQuery on BigFix Inventory and Compliance Server

pcpeteusa · September 14, 2020, 6:25pm

Hello,

When using Nessus to scan Windows 2012R2 servers running BigFix Inventory and Compliance, we are getting errors about CSS vulnerbilities from CVE-2020-11022 and CVE-2020-11023. Erors indicate JQuery 3.4.41 is installed and it needs to be at least version 3.5.0. BigFix Compiance is at 10.1.48 and Inventory is at 10.0.1.0.

I did notice that BigFix version 10 patch 1 is using JQuery 3.5.1 but we have these applications on seperate servers. when will the CSS vulnerbilities related to JQuery be eliminiated?

karlhe · September 15, 2020, 11:33pm

See the discussion in the other thread: Availability of BigFix Compliance Analytics 2.0 Patch 1

The summary is we patched it out in version 2.0.1.

GJablonska · September 16, 2020, 5:36pm

Hello,
The next BigFix Inventory v10.0.2 is using JQuery 3.5.1. This application update is coming soon.

pcpeteusa · September 22, 2020, 11:33am

Thank you that is great news.