1. guides
  2. en
  3. Knowledge base
  4. Other troubleshooting
  5. Security advisories
  6. Lexmark Devices Showing Security Vulnerabilities for jQuery 3.3.1: specifically CVE-2020-7656, CVE-2020-11022, and CVE-2020-11023

Lexmark Devices Showing Security Vulnerabilities for jQuery 3.3.1: specifically CVE-2020-7656, CVE-2020-11022, and CVE-2020-11023

Affected Products:
Single-Function: All 2016 - 2020 Lexmark Color and Mono products
Multifunction: All 2016 - 2020 Lexmark Color and Mono products
Issue Description:
Some vulnerability scanners report that Lexmark printers have vulnerabilities for an outdated
jQuery version (3.3.1) JavaScript library
.
Additional Details:
Despite security scanners flagging the version of jQuery being used by Lexmark as vulnerable,
this vulnerability is not exploitable in Lexmark firmware and apps
.
The Lexmark development team has analyzed
CVE-2020-7656
,
CVE-2020-11022
and
CVE-2020-11023
, and
jQuery 3.5.0
release publications and identified the following items in our code which prevented vulnerability exposure related to these CVEs:
  • All HTML forms and templates used adhere to standard HTML style guide and coding conventions.
  • These forms and templates are internally generated and no external (
    untrusted
    ) JavaScript code are sourced.
If running third party Embedded Solutions Framework (
ESF
) Applications,
please reach out to the developer of those applications
.
Still Need Help?
Have the following available when calling Lexmark Technical Support;
  • Printer model(s)
  • Printer serial number
  • Software / Solution
LEGACY ID:
SO8969