F5 Out of date jQuery bootstrap version

Question

Is F5 affected by Out of date jQuery bootstrap version vulnerability CVE-2024-6531 and CVE-2020-11022, and can we remove bootstrap.min.js file from F5 APM.

As verified bootstrap is not part of BIG-IP third-party software matrix list

And even in Big IP version 17.x the jquery version shows as v1.10

f51 · Answer

I have searched in our F5 articles regarding - CVE-2020-11022 and found the below

K02453220: jQuery vulnerability CVE-2020-11022 - Restrict management access

K39313545: How to check jQuery version installed on BIG-IP

gdc1-trg-f5 · Answer

As per&nbsp;K02453220 jQuery versions greater than or equal to 1.2 and before 3.5.0 is affected, and as verified the jquery version shows as v1.10 even on the latest 17.x version.&nbsp;So other than the mitigation mentioned in the article K02453220 is there any available fix for the same ?&nbsp;&nbsp;

f51 · Answer

As mentioned in that article, there’s currently no software fix or patch available for 17.x. However, you can restrict management access to trusted networks and users, as described in the article. I’m providing this information based on the article, but if you need more details, feel free to open a ticket with F5 support to get more information.

Forum Discussion

F5 Out of date jQuery bootstrap version

3 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Can I use F5 Big-IP WAF as HoneyPot

ssh on slot1 failed f5 viprion

SSH forward proxy

Multiple Default Gateways

ASM Sec-CH-UA-Full-Version-List backquote in Header

Related Content

TMOS Version Update Paths

Viprion version upgrade

Set HTTP version

Installing and Locking a Specific Version of F5 NGINX Plus

New iOS F5 Access version (3.1.0) issues

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS