Data Protection Search 19.4 and 19.6.0 and 19.6.2 jQuery CVE-2020-11022 CVE-2020-11023 CVE-2019-11358 vulnerabilities

Summary: Data Protection Search 19.4.0.3366, 19.5.1, 19.6.0.4070 and 19.6.2, part of IDPA 2.6.1, 2.7.0 and 2.7.2, contain multiple identified jQuery vulnerabilities including CVE-2020-11022/CVE-2020-11023/CVE-2019-11358 ...

This article is not tied to any specific product. Not all product versions are identified in this article.

Symptoms

Security scanners may report any of the following jQuery CVEs on Search nodes:
 
jQuery Vulnerability: CVE-2020-11022
jQuery Vulnerability: CVE-2020-11023
jQuery Vulnerability: CVE-2019-11358

Cause

Security vulnerabilities in the third-party jQuery component used by Data Protection Search.

Resolution

The following process needs to be executed on each Search node to update the affected jQuery components. Perform the task on each node one at a time, letting the node come back online fully before proceeding to the next node.

1) If desired, take a snapshot of the Search VM to provide a recovery rollback option.

2) Back up the two folders with the affected files that are to be replaced:
 
tar -czvf /tmp/home_Jquery.tar.gz /home/search/reveal/web/ui/common/jquery
tar -czvf /tmp/user_Jquery.tar.gz /usr/local/search/web/ui/common/jquery

3) Download the attached jquery file, copy it to /tmp on the Search node, and "cd" to that folder.

4) Run these 2 commands:
 
unzip -o /tmp/"filename" -d /home/search/reveal/web/ui/common/
unzip -o /tmp/"filename" -d /usr/local/search/web/ui/common/

Replace "filename" in the command with the actual file name, for example:
 
unzip -o /tmp/jquery_csp.zip -d /home/search/reveal/web/ui/common/
unzip -o /tmp/jquery_csp.zip -d /usr/local/search/web/ui/common/

5) Reboot the node.

6) Re-scan and confirm the vulnerabilities are no longer reported.
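
As a local cross-check for step 6, the following added example (not part of the Dell article or fix package) lists the jQuery version banner of each .js file under the two directories from step 2 and flags versions below 3.5.0, the upstream jQuery release that fixed CVE-2020-11022 and CVE-2020-11023 (CVE-2019-11358 was fixed upstream in 3.4.0). Assumptions: the files keep the standard jQuery header banner, and the article does not state which version the attached zip ships, so a vendor-patched older build could still be flagged; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report the jQuery version banner of every .js file under the
# directories the article updates. Run before and after the procedure.

# Print the version from the header banner, or nothing if there is no banner.
# Handles "/*! jQuery v3.4.1 | ..." and " * jQuery JavaScript Library v3.4.1".
jq_version() {
    head -n 5 "$1" |
        sed -n 's/.*jQuery\( JavaScript Library\)\{0,1\} v\([0-9][0-9.]*\).*/\2/p' |
        head -n 1
}

# Succeed (exit 0) when the version is below 3.5.0, the upstream release that
# fixed CVE-2020-11022/11023 (CVE-2019-11358 was fixed earlier, in 3.4.0).
jq_affected() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 5 ]; }
}

# Print one "STATUS version path" line per file that carries a jQuery banner.
scan_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || { echo "skip (not present): $dir" >&2; continue; }
        find "$dir" -type f -name '*.js' | while IFS= read -r f; do
            v=$(jq_version "$f")
            [ -n "$v" ] || continue
            if jq_affected "$v"; then
                echo "AFFECTED $v $f"
            else
                echo "ok $v $f"
            fi
        done
    done
}

# Default to the two directories backed up in step 2.
[ "$#" -gt 0 ] || set -- /home/search/reveal/web/ui/common/jquery \
                         /usr/local/search/web/ui/common/jquery
scan_dirs "$@"
```

Any AFFECTED line remaining after the reboot means a file was not replaced in that directory; compare the path against the scanner finding before restoring from the step 2 backups.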

Please be aware that only vulnerabilities identified and resolved prior to the release of this fix are included. Any newer vulnerabilities, or ones not listed that are not resolved by this process, should be brought to the attention of Dell Support.
Article Properties
Article Number: 000189727
Article Type: Solution
Last Modified: 19 Jul 2023
Version: 4