JQUERY VULNERABILITY THREAT AFFECTS ACROSS THE GLOBE
In jQuery versions greater than or equal to 1.0.3 or 1.2 and before 3.5.0, passing HTML containing elements from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
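An added example (not from the original post or from the jQuery project): a small JavaScript check that flags jQuery copies whose version falls in the affected range stated above, from 1.0.3 up to but not including 3.5.0. The entries in SAMPLES are constructed, and all function names are hypothetical.

```javascript
// Added example: flag jQuery copies in the range given on this page
// (>= 1.0.3 and before 3.5.0). All sample inputs below are constructed.
const LOWER = [1, 0, 3]; // earliest affected version named on the page
const FIXED = [3, 5, 0]; // patched version named on the page

// "1.2" or "3.4.1" -> [major, minor, patch]; null if unparsable.
// Assumption: pre-release suffixes are ignored, only the numeric core counts.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(text).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true = affected, false = not affected, null = version unknown (check by hand).
function isAffected(version) {
  const v = parseVersion(version);
  if (v === null) return null;
  return compare(v, LOWER) >= 0 && compare(v, FIXED) < 0;
}

// Find a version in a script file name or in jQuery's banner comment.
// Does not match jquery-ui-* or jquery-migrate-*, which are versioned separately.
function extractVersion(source) {
  const m = /jquery(?: javascript library)?[-. ]v?(\d+\.\d+(?:\.\d+)?)/i.exec(source);
  return m ? m[1] : null;
}

function audit(sources) {
  return sources.map((source) => {
    const version = extractVersion(source);
    return { source, version, affected: version ? isAffected(version) : null };
  });
}

const SAMPLES = [ // constructed inventory entries
  "/static/js/jquery-1.12.4.min.js",
  "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors */",
  " * jQuery JavaScript Library v3.5.0",
  "/vendor/jquery.min.js", // no version in the name: read the file banner
  "/vendor/jquery-ui-1.12.1.min.js",
];
console.table(audit(SAMPLES));
```

On a live page, the loaded version string is available as jQuery.fn.jquery and can be passed straight to isAffected().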
Using this vulnerability, an attacker can create or alter web pages and, through the REST API, send or re-route requests and access all the sensitive data across the server in the affected products listed below. PHP and Python are the languages mainly used as agents in these affected products.
AFFECTED PRODUCTS:
- Oracle – All servers and products such as Financial Services Regulatory Reporting, Communications Session Route Manager, Health Sciences InForm, Hyperion Financial Reporting, JD Edwards EnterpriseOne Tools, PeopleSoft Enterprise Human Capital Management Resources, Primavera Gateway, REST Data Services, Siebel, WebCenter Sites, WebLogic Server
- Debian
- Drupal
- Tenable
AFFECTED REGION:
- United States
- Europe (Netherlands, France, Germany, Poland)
- China
- Russia
Abuse of this vulnerability can cause financial damage across the globe: a hacker from, say, North Korea can take control of organizational data anywhere and demand a ransom.