We are getting following vulnerabilities on one of our PA Firewall. Kindly suggest the next PoA regarding mentioned vulnerabilities.
HSTS Missing From HTTPS Server
JQuery 1.2 < 3.5.0 Multiple XSS
CGI abuses : XSS
Kindly review and share us with your inputs. Awaiting for response !!
@laurence64-- Please find the answer for your queries below.
What scanner is this ? -- Ans.. Nessus Vulnerability Scanner
Am I correct in assuming you are scanning the mgmt of the PA ? Ans.. Yes, scanned the MGMT interface only
What Version of code is your PA running ? Ans.. PAN OS 9.1.3-h1
Do let us know if you need any other information. Awaiting for your reply !!
Will try by upgrading the firewall to 9.1.5 to see whether it helps us on this.
Also can you please share me with the reference document that points this point that HSTS issue was resolved in 9.1.5 and JQuery is targeted to resolved in 9.1.8 software code. This will help us for reference.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!