B - Production Support » BSN CDB Support

During the application test, LGMS security team observed that the libraries and web server used by the application are not up to date. Outdated libraries and web server might pose serious security issues and allow an attacker to easily identify or exploit the security issue using automated tools.

jquery 3.4.0.min
The library jquery version 3.4.0.min has known security issues. For more information, visit this website:
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

jquery 2.1.1.min
The library jquery version 2.1.1.min has known security issues. For more information, visit those websites:

https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Potentially vulnerable
Servlet 3.1
The component Servlet 3.1 has known security issue. For more information, visit this website:
https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-http2-implementation-used-websphere-application-server-liberty

Note: The vulnerability might be affecting a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered as false positive.

Solution given :
1. Identify all components and the versions that the application is using, including all dependencies (e.g., the versions plugin). It is advisable to update the components if it is not up to date.

2. Monitor the security of these components in public databases, project mailing lists, and security mailing lists, and keep them up to date.