Lexmark Devices Showing Security Vulnerabilities for jQuery 3.3.1: specifically CVE-2020-7656, CVE-2020-11022, and CVE-2020-11023
Affected Products:
Single-Function:
All 2016 - 2020 Lexmark Color and Mono products
Multifunction:
All 2016 - 2020 Lexmark Color and Mono products
Issue Description:
Some vulnerability scanners report that Lexmark printers are vulnerable because they use an outdated version (3.3.1) of the jQuery JavaScript library.
Additional Details:
Despite security scanners flagging the version of jQuery being used by Lexmark as vulnerable, this vulnerability is not exploitable in Lexmark firmware and apps.
The Lexmark development team has analyzed CVE-2020-7656, CVE-2020-11022 and CVE-2020-11023, and the jQuery 3.5.0 release publications, and identified the following items in our code which prevented vulnerability exposure related to these CVEs:
- All HTML forms and templates used adhere to standard HTML style guide and coding conventions.
- These forms and templates are internally generated and no external (untrusted
If running third party Embedded Solutions Framework (ESF) Applications, please reach out to the developer of those applications.
Still Need Help?
Have the following available when calling Lexmark Technical Support:
- Printer model(s)
- Printer serial number
- Software / Solution
LEGACY ID: SO8969