Task #12558
Task #12556: Pentest - 2nd Assessment [2021]
Pentest_IBAM - Using Components with Known Vulnerabilities [MED]
| Status: | Work Completed-End life cycle | Start date: | November 08, 2021 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Nurul Athira Abdul Rahim | % Done: | 90% |
| Category: | Penetration Test Issue | Spent time: | - |
| Target version: | - | | |
Description
During the application test, LGMS security team observed that the libraries used by the application are not up to date. Outdated libraries might pose serious security issues and allow an attacker to easily identify or exploit the security issue using automated tools.
bootstrap 4.1.1
The library bootstrap version 4.1.1 has known security issues. For more information, visit this website:
jquery ui 1.10.3
The library jQuery UI version 1.10.3 has known security issues. For more information, see:
https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe%3A2.3%3Aa%3Ajquery%3Ajquery_ui%3A1.10.3%3A*%3A*%3A*%3A*%3A*%3A*%3A*
Note: The vulnerability might affect a feature of the library that the website does not use. If the vulnerable feature is not used, this alert can be considered a false positive.
Solution provided by LGMS :
1. Identify all components and the versions that the application is using, including all dependencies (e.g., the versions plugin). Update any component that is not up to date.
2. Monitor the security of these components in public databases, project mailing lists, and security mailing lists, and keep them up to date.
Affected Components:
https://10.10.55.34:9444/bsn-admin-uat/js/libs/jquery-ui-1.10.3.min.js
https://10.10.55.34:9444/bsn-admin-uat/assets/plugins/bootstrap/js/bootstrap.bundle.min.js
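As an added example (not part of the ticket or of LGMS's deliverable), the script below implements step 1 of the solution for the two affected components: it identifies each library and its version from the served asset, first from the filename (`jquery-ui-1.10.3.min.js`) and, when the filename carries no version (`bootstrap.bundle.min.js`), from the `/*! ... */` banner comment at the top of the file, then flags anything below a minimum-version table. The asset list is the one from this ticket; the banner text is constructed here so the example runs offline, and the minimum versions are the ones the team upgraded to in history comment #3, used as a policy input rather than as a claim about which versions are free of issues. The script only reports; per the note above, a flagged library still needs a check of whether the vulnerable feature is actually used.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the two asset URLs under "Affected Components", each paired with
# the first lines of the served file (the "/*! ... */" banner most minified libraries
# carry). The banner strings are constructed for this example, not captured from the host.
SAMPLE_ASSETS = {
    "https://10.10.55.34:9444/bsn-admin-uat/js/libs/jquery-ui-1.10.3.min.js":
        "/*! jQuery UI - v1.10.3 - 2013-05-03\n* http://jqueryui.com\n*/",
    "https://10.10.55.34:9444/bsn-admin-uat/assets/plugins/bootstrap/js/bootstrap.bundle.min.js":
        "/*!\n  * Bootstrap v4.1.1 (https://getbootstrap.com/)\n  */",
}

# Minimum acceptable versions: the targets recorded in history comment #3 of this ticket.
# This is a policy table maintained by the defender, not a vulnerability database.
MINIMUM_VERSIONS = {
    "bootstrap": "4.6.1",
    "jquery-ui": "1.13.0",
}

# "<name>-<x.y.z>[.min].js" filenames, e.g. jquery-ui-1.10.3.min.js
FILENAME_RE = re.compile(
    r"^(?P<name>[a-z][a-z0-9-]*?)-(?P<ver>\d+(?:\.\d+)+)(?:\.min)?\.js$", re.I)
# Banner comments such as "jQuery UI - v1.10.3" or "Bootstrap v4.1.1"
BANNER_RE = re.compile(
    r"(?P<name>jQuery UI|Bootstrap)\s*-?\s*v(?P<ver>\d+(?:\.\d+)+)", re.I)
# Normalise banner names to the keys used in MINIMUM_VERSIONS
NAME_ALIASES = {"jquery ui": "jquery-ui", "bootstrap": "bootstrap"}


def parse_version(v: str) -> tuple:
    """'4.6.1' -> (4, 6, 1), so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def identify(url: str, banner: str):
    """Return (library, version) or None. Filename first, then the banner comment."""
    fname = urlparse(url).path.rsplit("/", 1)[-1]
    m = FILENAME_RE.match(fname)
    if m:
        return m["name"].lower(), m["ver"]
    m = BANNER_RE.search(banner)
    if m:
        return NAME_ALIASES.get(m["name"].lower(), m["name"].lower()), m["ver"]
    return None  # unknown asset: needs manual identification


def inventory(assets: dict, minimums: dict) -> list:
    """One record per asset: library, version found, minimum required, outdated flag.

    'outdated' is None when the library could not be identified or has no policy entry,
    so unknowns are surfaced rather than silently treated as compliant.
    """
    rows = []
    for url, banner in assets.items():
        found = identify(url, banner)
        if found is None:
            rows.append({"url": url, "library": None, "version": None,
                         "minimum": None, "outdated": None})
            continue
        name, ver = found
        minimum = minimums.get(name)
        outdated = None if minimum is None else parse_version(ver) < parse_version(minimum)
        rows.append({"url": url, "library": name, "version": ver,
                     "minimum": minimum, "outdated": outdated})
    return rows


if __name__ == "__main__":
    for row in inventory(SAMPLE_ASSETS, MINIMUM_VERSIONS):
        state = {True: "OUTDATED", False: "ok", None: "UNKNOWN"}[row["outdated"]]
        print(f"{state:9} {row['library']} {row['version']} (min {row['minimum']}) {row['url']}")
```

In a real run the banner text would come from fetching each asset that the application's pages reference; the filename rule catches most versioned libraries, and the banner rule is the fallback for bundles whose filename is version-less. Anything reported as UNKNOWN still has to be identified by hand before the finding can be closed.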
History
#1 Updated by Nurul Athira Abdul Rahim almost 3 years ago
- Subject changed from Pentest_IBAM - Using Components with Known Vulnerabilities [LOW] to Pentest_IBAM - Using Components with Known Vulnerabilities [MED]
#2 Updated by Najmi Pasarudin almost 3 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
#3 Updated by Najmi Pasarudin almost 3 years ago
- File sc2.png added
- % Done changed from 0 to 90
- Bootstrap 4.1.1 > 4.6.1
- jquery-ui 1.10.3 > 1.13.0
#4 Updated by Najmi Pasarudin almost 3 years ago
- Status changed from Development / Work In Progress to Internal Testing
- Assignee changed from Najmi Pasarudin to Nurul Athira Abdul Rahim
#5 Updated by Nurul Athira Abdul Rahim almost 3 years ago
- Status changed from Internal Testing to System Integration Test
#6 Updated by Najmi Pasarudin over 2 years ago
- Status changed from System Integration Test to Pending Prod Deployment
- Assignee changed from Nurul Athira Abdul Rahim to Najmi Pasarudin
#7 Updated by Najmi Pasarudin over 2 years ago
- Status changed from Pending Prod Deployment to Pending Review
- Assignee changed from Najmi Pasarudin to Nurul Athira Abdul Rahim
Production deployed on 4/3/2022
#8 Updated by Nurul Athira Abdul Rahim about 2 years ago
- Status changed from Pending Review to Work Completed-End life cycle