Skip to Content Information Center
Lexmark CS923

Lexmark CS923

Lexmark Devices Showing Security Vulnerabilities for jQuery 3.3.1: specifically CVE-2020-7656, CVE-2020-11022, and CVE-2020-11023

Affected Products:

Single-Function:

All 2016 - 2020 Lexmark Color and Mono products

Multifunction

:

All 2016 - 2020 Lexmark Color and Mono products

Issue Description:

Some vulnerability scanners report that Lexmark printers have vulnerabilities for an outdated jQuery version (3.3.1) JavaScript library.

Additional Details:

Despite security scanners flagging the version of jQuery being used by Lexmark as vulnerable, this vulnerability is

not exploitable

in Lexmark firmware and apps.

The Lexmark development team has analyzed CVE-2020-7656, CVE-2020-11022 and CVE-2020-11023, and jQuery 3.5.0 release publications and identified the following items in our code which prevented vulnerability exposure related to these CVEs:

  • All HTML forms and templates used adhere to standard HTML style guide and coding conventions.

  • These forms and templates are internally generated and no external (untrusted) JavaScript code are sourced.

If running third party Embedded Solutions Framework (ESF) Applications, please reach out to the developer of those applications.

Still Need Help?

Have the following available when calling Lexmark Technical Support;

  • Printer model(s)

  • Printer serial number

  • Software / Solution

LEGACY ID: SO8969

Czy ten artykuł był pomocny?
Top