B - Production Support » BSN CDB Support

During the application test, LGMS security team observed that the [plugins][libraries][web server] used by the application are not up to date. Outdated [plugins][libraries][web server] might pose serious security issues and allow an attacker to easily identify or exploit the security issue using automated tools.

bootstrap 4.1.1
The library bootstrap version 4.1.1 has known security issues. For more information, visit this website:
https://github.com/twbs/bootstrap/issues/28236

ckeditor 4.8.0
The library ckeditor version 4.8.0 has known security issues. For more information, visit these websites:
https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/
https://ckeditor.com/cke4/release-notes

jquery 3.4.0.min
The library jquery version 3.4.0.min has known security issues. For more information, visit this website::
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Potentially vulnerable
Servlet 3.1
The component Servlet 3.1 has known security issue. For more information, visit this website:
https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-http2-implementation-used-websphere-application-server-liberty

Note: The vulnerability might be affecting a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered as false positive.

Given solution :

1. Identify all components and the versions that the application is using, including all dependencies (e.g., the versions plugin). It is advisable to update the components if it is not up to date.

2. Monitor the security of these components in public databases, project mailing lists, and security mailing lists, and keep them up to date.