VVX 300 Vulnerability problem(Tenable)

Anonymous · ‎03-08-2021

Hello,

I have been trying for a while to get rid of this medium vulnerability on my Tenable scan.

It says: According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.

I have tried upgrading to the latest software 5.9.6.2996, but when I look for the jQuery version, it still populates as 1.4.4. I have seen posts that talk about upgrading jQuery manually, but I am not able to access the website code to run the jQuery upgrade migrate scripts. I'm not sure how to proceed. If you have any idea how to fix this, that would be awesome!

Thanks,

Jared

SteffenBaierUK · ‎03-08-2021

Hello @ITGuy1031 ,

Welcome to the Poly Community.

We are planning to address this in the next 5.9.7 release with a fix but I do not yet have an ETA

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

Create an account on the HP Community to personalize your profile and ask a question