VVX 300 Vulnerability problem(Tenable)

ITGuy1031 · ‎03-08-2021

Hello,

I have been trying for a while to get rid of this medium vulnerability on my Tenable scan.

It says: According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.

I have tried upgrading to the latest software 5.9.6.2996, but when I look for the jQuery version, it still populates as 1.4.4. I have seen posts that talk about upgrading jQuery manually, but I am not able to access the website code to run the jQuery upgrade migrate scripts. I'm not sure how to proceed. If you have any idea how to fix this, that would be awesome!

Thanks,

Jared

SteffenBaierUK · ‎03-08-2021

Hello @ITGuy1031 ,

Welcome to the Poly Community.

We are planning to address this in the next 5.9.7 release with a fix but I do not yet have an ETA

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

VVX 300 Vulnerability problem(Tenable)

VVX 300 Vulnerability problem(Tenable)

Re: VVX 300 Vulnerability problem(Tenable)