GFI Support Home Start a conversation Sign in
Start a conversation
  1. Exinda
  2. GFI - Exinda Network Orchestrator Articles
  3. Articles

Remediating “jQuery Vulnerability: CVE-2020-7656” on Exinda Network Orchestrator (Upgrade to v7.5.7+)

Contents

Overview

A vulnerability scan may report "jQuery Vulnerability: CVE-2020-7656" against the Exinda Network Orchestrator management UI (for example, on v7.5.0 (0022)).

This is addressed by a product update: the remediation is fixed in Exinda Network Orchestrator v7.5.7 (released Jan 31, 2025). To remediate, upgrade the appliance firmware to v7.5.7 or later using the standard Exinda UI upgrade process, then re-run the vulnerability scan to verify the finding is cleared.

Solution

Issue / Symptom

A security/vulnerability scan reports the following finding on the Exinda appliance UI:

  • "jQuery Vulnerability: CVE-2020-7656"

Affected environment (reported)

  • Exinda Network Orchestrator v7.5.0 (0022)

Resolution

Fixed version

  • The CVE remediation is fixed in Exinda Network Orchestrator v7.5.7 (release date: Jan 31, 2025).

What to do

Upgrade the Exinda Network Orchestrator firmware to v7.5.7 or later (latest available).

Step-by-step (recommended approach)

  1. Confirm the currently installed firmware version
    • In the Exinda administrative UI, locate the system/version information and confirm you are on an older version (for example, v7.5.0 (0022)).
  2. Obtain the target firmware
    • Use the official Exinda Network Orchestrator product releases/download page (from GFI documentation/resources) to identify and obtain v7.5.7 or the latest available release.
  3. Upgrade using the Exinda UI
    • Follow the official procedure in the “Upgrading the Exinda firmware” guide (upgrade via the user interface is the recommended/safest method).
    • Upload/apply the firmware image as instructed by the guide and allow the upgrade to complete (including any required reboot).
  4. Post-upgrade verification
    • Log back into the UI and confirm the running firmware version is v7.5.7 (or later).
    • Re-run the same vulnerability scan and confirm the finding "jQuery Vulnerability: CVE-2020-7656" is no longer reported.

Product confirmation note

This remediation was confirmed with the product team as being delivered in the stated firmware release (v7.5.7).

If the finding persists after upgrade

  • Confirm the scanner is targeting the correct endpoint/device and that the scan results have been refreshed (not cached).
  • Collect the new scan output and the appliance’s current firmware version and open a support case for further review.

Frequently Asked Questions

1. How do I know this is the same issue?
Your vulnerability scanner will explicitly report the finding: "jQuery Vulnerability: CVE-2020-7656" against the Exinda Network Orchestrator UI/appliance.
2. What version contains the fix?
The remediation is confirmed in Exinda Network Orchestrator v7.5.7 (released Jan 31, 2025). Upgrading to v7.5.7 or later is recommended.
3. What is the recommended way to apply the fix?
Upgrade the appliance firmware using the official “Upgrading the Exinda firmware” procedure, preferably performing the upgrade via the Exinda UI, then confirm the version and re-run the vulnerability scan.
4. How do I verify the fix worked?
After upgrading, verify the appliance reports v7.5.7 (or later) in its system/version info, then re-run the same vulnerability scan and confirm "jQuery Vulnerability: CVE-2020-7656" is cleared.
5. What should I do if I upgraded but the scanner still flags the CVE?
Ensure you are scanning the correct device/UI endpoint and that the scanner results are current. If it still flags the CVE, provide the scan report and your running firmware version to support for further investigation.
Choose files or drag and drop files
ai_initiated
atlas_studio
kb_automation
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments