Remediate JQuery 1.2 < 3.5.0 Multiple XSS Vulnerability

Hi Guys,

Need help to remediate the Vulnerability found in our Bigfix Console.

Tenable Plugin Name
136929 - JQuery 1.2 < 3.5.0 Multiple XSS

Description
**"According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.**

**Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release."**

Which BigFix products are running on your server, and what are their versions? My understanding is we patched these issues several versions ago, with separate updates for Inventory, Compliance, etc.

Hi JasonWalker,

Thank you for your response.
Our Bigfix Console server version is 9.5.16.90.

A JQuery issue could be in one of the integrations as well - are you running Web Reports, WebUI, Inventory, or Compliance on this server?

Yes we are running Web Reports, WebUI, Inventory and Compliance on our server.

Ok, the way to fix any JQuery vulnerabilities in our products is to upgrade to current levels. BigFix Platform itself is now up to 9.5.18. You may need upgrades for Inventory and Compliance as well, depending on their installed versions.

Okay. Would you be able to share any procedure on how we can upgrade the server and inventory? Thanks in advance.

https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Installation/c_upgrading1.html

https://help.hcltechsw.com/bigfix/10.0/inventory/Inventory/upgrading/t_upgrading_from_9.html

Our Professional Services team and partner integrators are also ready to help, if you need some contract-based help to upgrade, optimize, and validate your deployment. Let me know if you would like some contact info on how to engage us.
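
The plugin description quoted above keys on the version a jQuery file reports about itself, so with Web Reports, WebUI, Inventory and Compliance on one server it helps to list which copies fall in the flagged range before and after upgrading. The script below is an added example, not part of the thread and not Tenable's or HCL's code; it assumes the standard banner comment at the top of jQuery release files and takes the directory to scan as its argument.

```python
import re
import sys
from pathlib import Path

# Banner comment jQuery release files carry at the top (assumed format), e.g.
#   /*! jQuery v3.4.1 | (c) JS Foundation ... */     (minified)
#   * jQuery JavaScript Library v1.12.4              (unminified)
# "jQuery UI - v..." and "jQuery Migrate v..." deliberately do not match.
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+(?:\.\d+){1,2})")

LOW, HIGH = (1, 2, 0), (3, 5, 0)  # range stated in the plugin 136929 description


def parse_version(text):
    """'1.2' -> (1, 2, 0); '3.4.1' -> (3, 4, 1)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def banner_version(head):
    """Self-reported jQuery version found in a file's leading bytes, or None."""
    match = BANNER.search(head)
    return parse_version(match.group(1).decode()) if match else None


def in_flagged_range(version):
    """True when LOW <= version < HIGH, the range the scanner reports."""
    return LOW <= version < HIGH


def scan(root):
    """Yield (path, version, flagged) for each .js file under root with a banner."""
    for path in sorted(Path(root).rglob("*.js")):
        try:
            with path.open("rb") as fh:
                head = fh.read(2048)  # the banner sits in the first comment
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        version = banner_version(head)
        if version is not None:
            yield path, version, in_flagged_range(version)


if __name__ == "__main__":
    for path, version, flagged in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        label = "FLAGGED" if flagged else "ok"
        print(f"{label:8} {'.'.join(map(str, version))}  {path}")
```

A copy whose banner has been stripped by a bundler will not be listed, so an empty result is not proof that no affected jQuery is present; rescan with the vulnerability scanner after upgrading.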