My Oracle Support Banner

Application Vulnerability - Need Updated Yui Js V3.18.1 (Doc ID 2584878.1)

Last updated on OCTOBER 02, 2019

Applies to:

Oracle Financial Services Revenue Management and Billing - Version 2.6.0.1.0 and later
Information in this document applies to any platform.

Goal

On RMB v2.6.0.1.0 against FW v4.3.0.4, application is running a vulnerable version of YUI 2.9.0 which can impact XSS.

This article confirms if Product needs to upgrade to YUI v2.9.0 needed for current FW version. Also if it needs to upgrade to latest YUI version soon.

Below is the current Version Snippet info:

-----------
/*
Copyright (c) 2011, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.9.0
*/

Remediation Recommendations:
Upgrade the affected service to the latest secure version. At the time of this writing, the latest secure version of YUI is v3.18.1, released October 22, 2014.
-------------

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.