Thank you for your feedback



Lexmark Devices Showing Security Vulnerabilities for jQuery 3.3.1: specifically CVE-2020-7656, CVE-2020-11022, and CVE-2020-11023

Document ID:SO8969

Usergroup :External
  Languages  
07/29/20 Properties  

Solution

Affected Products:

Single-Function: All 2016 - 2020 Lexmark Color and Mono products

MultifunctionAll 2016 - 2020 Lexmark Color and Mono products

 

Issue Description:

Some vulnerability scanners report that Lexmark printers have vulnerabilities for an outdated jQuery version (3.3.1) JavaScript library.

 

Additional Details:

Despite security scanners flagging the version of jQuery being used by Lexmark as vulnerable, this vulnerability is not exploitable in Lexmark firmware and apps.

The Lexmark development team has analyzed CVE-2020-7656, CVE-2020-11022 and CVE-2020-11023, and jQuery 3.5.0 release publications and identified the following items in our code which prevented vulnerability exposure related to these CVEs:

  • All HTML forms and templates used adhere to standard HTML style guide and coding conventions.
  • These forms and templates are internally generated and no external (untrusted) JavaScript code are sourced. 

If running third party Embedded Solutions Framework (ESF) Applications, please reach out to the developer of those applications.

 

Still Need Help?

Have the following available when calling Lexmark Technical Support;

  • Printer model(s)
  • Printer serial number
  • Software / Solution

 



Link:
Please enter the email address you would like to send a copy of this page to.