Summary
The SOAPam Server Control Panel uses the jQuery JavaScript library. A security vulnerability has been identified in the jQuery version used by the Control Panel.
Advisory Release Date
June 10, 2019
Affected Versions
All through 3.1.6
Fixed Versions
3.1.6.3
Status
The jQuery vulnerability is described here:
https://nvd.nist.gov/vuln/detail/CVE-2019-11358
The vulnerability was corrected in jQuery version 3.4.0. The jQuery release notes can be found here:
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Although SOAPam Server does not directly use the jQuery.extend() function, a hotfix is available that updates the jQuery script files stored in the VFS to version 3.4.1. Note that this hotfix is for the 3.1.6 release only. If you would like a hotfix prepared for another release, please open a support case and let us know the release you're using.
Hotfix Installation
Install the hotfix by following these steps:
- Download the hotfix PAK file using the link below and transfer the file to your NonStop system.
- Unpak the hotfix PAK file, which contains the following VFS image file:
  - HFIMAGE
- Update the VFS with the hotfix files using the following VFSMGR command:
    tacl>run vfsmgr -vfs <vfs-subvol> -put folder hfimage / !
- Refresh any browser running the Control Panel so that it loads the updated jQuery files.
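To confirm that the browser is running the hotfixed library and not a cached copy, the following added example (not part of the vendor's hotfix or of jQuery itself) checks the loaded version string against 3.4.0, the release that corrected CVE-2019-11358. The function names are hypothetical, and it assumes the Control Panel exposes jQuery as the global `jQuery` or `$`.

```javascript
// Added example: post-hotfix check for the jQuery version loaded in a page.
// CVE-2019-11358 was corrected in jQuery 3.4.0; the hotfix installs 3.4.1.
const FIXED_VERSION = [3, 4, 0];

// Parse a jQuery.fn.jquery string. Custom/slim builds can append an
// excluded-module list after a space, and pre-releases carry a "-tag" suffix.
function parseJQueryVersion(raw) {
  if (typeof raw !== "string") return null;
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?(?:\s|$)/.exec(raw.trim());
  if (!m) return null;
  return {
    parts: [Number(m[1]), Number(m[2]), Number(m[3] || 0)],
    prerelease: Boolean(m[4]),
  };
}

// True only when the version is 3.4.0 final or later.
// Unparseable strings are treated as unpatched (fail closed).
function isPatched(raw) {
  const v = parseJQueryVersion(raw);
  if (!v) return false;
  for (let i = 0; i < 3; i++) {
    if (v.parts[i] !== FIXED_VERSION[i]) return v.parts[i] > FIXED_VERSION[i];
  }
  return !v.prerelease; // "3.4.0-pre" sorts before the fixed release
}

// Inspect a window-like object and report what it has loaded.
function auditPage(win) {
  const jq = win && (win.jQuery || win.$);
  const raw = jq && jq.fn && jq.fn.jquery;
  if (!raw) return { loaded: false, version: null, patched: false };
  return { loaded: true, version: raw, patched: isPatched(raw) };
}

// In the browser console on the Control Panel page this prints the result.
if (typeof window !== "undefined") {
  console.log(auditPage(window));
}
```

If `patched` is still `false` after the VFS update, the browser is most likely serving the old script from its cache, so force a full reload and check again.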