Outdated Software used

Overview

Description

The web application uses various JavaScript libraries, frameworks, and CMSs, such as WordPress.

A component that the website uses may have a known vulnerability.

Past research shows that:

Many data breaches happen due to a known vulnerability in a component.

An attacker can easily target IoT devices, as they are generally not updated from time to time.

1. Outdated CMS (Content management system)
  • CMSs like WordPress, Shopify, and OpenCart are the most widely used on the internet.
  • Whenever an attacker finds a vulnerability, they can exploit the same vulnerability on a large number of websites.
  • Each CMS that is not updated to the latest version is vulnerable to some attack.
2. Outdated JavaScript libraries
  • The website contains many JavaScript files and libraries.
  • JavaScript libraries like jQuery and Bootstrap are used on almost every website.
  • It is difficult for developers to maintain these JS libraries and keep them updated.

Example

According to this, 60% of breaches in 2019 involved unpatched vulnerabilities (a patch was available, but not applied).

Impact

The impact depends on the vulnerability that the component has.

It may be a critical vulnerability with a significant impact.

Prevention

  • Update the libraries you are using from time to time.
  • Remove unused dependencies, features, and components.
  • Monitor CVEs for the components you are using.
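
One way to start on the update and monitoring steps is to inventory the script includes on a page and compare their versions against a minimum your team has approved. The following is an added example, not code from the original page; the policy values, the sample HTML and all function names are constructed for illustration.

```javascript
// Added example. Policy values and sample HTML are constructed for
// illustration; they are not taken from any advisory.
const MIN_VERSIONS = { jquery: "3.5.0", bootstrap: "4.3.1" }; // hypothetical policy

const SAMPLE_HTML = `
<script src="/js/jquery-1.12.4.min.js"></script>
<script src="https://cdn.example/bootstrap@4.6.2/dist/js/bootstrap.min.js"></script>
<script src="https://cdn.example/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
<script src="/js/app.js"></script>`;

// Compare dotted versions numerically, so "1.9" sorts before "1.10".
function isOlder(a, b) {
  const x = a.split(".").map(Number);
  const y = b.split(".").map(Number);
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d < 0;
  }
  return false;
}

// Collect {name, version, src} for every <script src> whose URL carries a
// version written as name-1.2.3, name@1.2.3 or name/1.2.3.
function findLibraries(html) {
  const tagRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  const verRe = /([a-z][a-z0-9_]*)(?:\.js)?[-@\/]v?(\d+\.\d+(?:\.\d+)?)/i;
  const found = [];
  for (const [, src] of html.matchAll(tagRe)) {
    const m = verRe.exec(src);
    if (m) found.push({ name: m[1].toLowerCase(), version: m[2], src });
  }
  return found;
}

// Return the libraries that fall below the policy minimum.
function auditScripts(html, policy = MIN_VERSIONS) {
  const has = (name) => Object.prototype.hasOwnProperty.call(policy, name);
  return findLibraries(html)
    .filter((lib) => has(lib.name) && isOlder(lib.version, policy[lib.name]))
    .map((lib) => ({ ...lib, minimum: policy[lib.name] }));
}

console.log(auditScripts(SAMPLE_HTML));
```

Files served without a version in the URL (such as /js/app.js above) are not seen by this check, which is why a dedicated scanner is still needed.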

Tools

  • retire.js: a scanner that detects the use of JavaScript libraries with known vulnerabilities.