Affected Products:
Single-Function:
All 2016 - 2020 Lexmark Color and Mono products
Multifunction
: All 2016 - 2020 Lexmark Color and Mono products
Issue Description:
Some vulnerability scanners report that Lexmark printers have vulnerabilities for an outdated jQuery version (3.3.1) JavaScript library.
Additional Details:
Despite security scanners flagging the version of jQuery being used by Lexmark as vulnerable, this vulnerability is
not exploitable
in Lexmark firmware and apps.The Lexmark development team has analyzed CVE-2020-7656, CVE-2020-11022 and CVE-2020-11023, and jQuery 3.5.0 release publications and identified the following items in our code which prevented vulnerability exposure related to these CVEs:
All HTML forms and templates used adhere to standard HTML style guide and coding conventions.
These forms and templates are internally generated and no external (untrusted) JavaScript code are sourced.
If running third party Embedded Solutions Framework (ESF) Applications, please reach out to the developer of those applications.
Still Need Help?
Have the following available when calling Lexmark Technical Support;
Printer model(s)
Printer serial number
Software / Solution
LEGACY ID: SO8969