Search criteria
3 vulnerabilities found for InTouch Access Anywhere by AVEVA
VAR-201801-0036
Vulnerability from variot - Updated: 2025-12-22 19:52jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. JQuery is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to JQuery 3.0.0 are vulnerable. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - GSS Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - GSS Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - GSS Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - GSS Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - GSS Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001
- Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. Solution:
To install this update, do the following:
- Download the Data Grid 7.3.5 server patch from the customer portal. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1755831 - CVE-2019-16335 jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: ipa security, bug fix, and enhancement update Advisory ID: RHSA-2020:3936-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3936 Issue date: 2020-09-29 CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331 CVE-2019-11358 CVE-2020-1722 CVE-2020-11022 ==================================================================== 1. Summary:
An update for ipa is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)
Security Fix(es):
-
js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
-
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
-
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
-
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)
-
bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
-
bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
-
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1404770 - ID Views: do not allow custom Views for the masters 1545755 - ipa-replica-prepare should not update pki admin password. 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. 1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute 1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701972 - CVE-2019-11358 js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection 1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6 1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client 1756568 - ipa-server-certinstall man page does not match built-in help. 1758406 - KRA authentication fails when IPA CA has custom Subject DN 1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements 1771356 - Default client configuration breaks ssh in FIPS mode. 1780548 - Man page ipa-cacert-manage does not display correctly on RHEL 1782587 - add "systemctl restart sssd" to warning message when adding trust agents to replicas 1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd 1788907 - Renewed certs are not picked up by IPA CAs 1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service 1795890 - ipa-pkinit-manage enable fails on replica if it doesn't host the CA 1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems 1817886 - ipa group-add-member: prevent adding IPA objects as external members 1817918 - Secure tomcat AJP connector 1817919 - Enable compat tree to provide information about AD users and groups on trust agents 1817922 - covscan memory leaks report 1817923 - IPA upgrade is failing with error "Failed to get request: bus, object_path and dbus_interface must not be None." 1817927 - host-add --password logs cleartext userpassword to Apache error log 1819725 - Rebase IPA to latest 4.6.x version 1825829 - ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1829787 - ipa service-del deletes the required principal when specified in lower/upper case 1834385 - Man page syntax issue detected by rpminspect 1842950 - ipa-adtrust-install fails when replica is offline
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
x86_64: ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
x86_64: ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
ppc64: ipa-client-4.6.8-5.el7.ppc64.rpm ipa-debuginfo-4.6.8-5.el7.ppc64.rpm
ppc64le: ipa-client-4.6.8-5.el7.ppc64le.rpm ipa-debuginfo-4.6.8-5.el7.ppc64le.rpm
s390x: ipa-client-4.6.8-5.el7.s390x.rpm ipa-debuginfo-4.6.8-5.el7.s390x.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-9251 https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2018-20676 https://access.redhat.com/security/cve/CVE-2018-20677 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX3Of/9zjgjWX9erEAQjmHBAAi+u4CgMbaduuYvMAMbNKqT/0X8Y02udQ maW4rfZ6udfHWJ21h1VlD/INXHB3sBFC2vpXsgJD7dTkUsZYIx73LrQFkakTzIWc xSQalxNs+Fjh/ot/JMiKQzQUmZeu/vUYgVB81y+hczg5dys3q1mnu42GWe18sJIc FCY2R3mBTnFUZoc/3JDHeVRJU8eq51oqRgNaz+Fl+CoFkR81P6mD8wybIIAsBx14 Ykya/awQf+OuBCe5tqfTV1+KS2U4+tqiqapzALt7dhjfA9Jayc9/UvQjGCyrmGvP +BBBPSqGOS81jpPo0ouM3OtadWrGAWERMwtrR+POUp1rnMxy2kI0EpebnzSOtJy2 xExPZtcTjjgWvIMDdrJJ5DXG6cP5j3GjyvFknmCtCqvXzo90gw73psi6roG+g/a8 UyML+be8jnJK7571X3dz6OCYBExaHqM21ukUEfdvddszhw92J3fxmDm5+picETB9 dZ++VtV1lCBOlKW1SDG/ggk7PeSRGTDL5IkekopO1w89r3QsfqyFudlsNT0dDgk7 8Kzn8YpCWln1Kp0UbVushKRT+KllZRTKzXTBfiEWiYtQiwyL9zj/DrxagXXbiPe7 5mZnk62sAdKya3On4ejgPQ8Nq8oKHzRfaig/CNaNiB00HgZcRdQokPQ9+DRnkdNS UR3S5ZAZvb8=SWQt -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . http://secureli.com/retirejs-vulnerabilities-identified-with-retirejs/
I decided to scan RetireJS using its own codebase, and discovered the following issues in RetireJS:
/home/omi/clients/retire/firefox/test/web/dojo.js ↳ dojo 1.4.2 has known vulnerabilities: severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released
/home/omi/clients/retire/firefox/test/web/retire-example-0.0.1.js ↳ retire-example 0.0.1 has known vulnerabilities: severity: low; CVE: CVE-XXXX-XXXX, bug: 1234, summary: bug summary; http://github.com/eoftedal/retire.js/
/home/omi/clients/retire/firefox/test/web/retire-example.js ↳ retire-example 0.0.1 has known vulnerabilities: severity: low; CVE: CVE-XXXX-XXXX, bug: 1234, summary: bug summary; http://github.com/eoftedal/retire.js/
/home/omi/clients/retire/node/spec/tests/contentscan.spec.js ↳ jquery 1.8.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "service bus",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "service bus",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "retail workforce management software",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "1.60.9"
},
{
"model": "retail sales audit",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail invoice matching",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail allocation",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0.2"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "oss support tools",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.5"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "hospitality materials control",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "fusion middleware mapviewer",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "financial services reconciliation framework",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services reconciliation framework",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "enterprise operations monitor",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "enterprise operations monitor",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "business process management suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "business process management suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "business process management suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "2.6.2"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "2.6.1"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.2.3.1"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.2.3.0"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.2.2.0"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "hospitality cruise fleet management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0.11"
},
{
"model": "financial services asset liability management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services profitability management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services profitability management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "utilities framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.4"
},
{
"model": "financial services asset liability management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.0"
},
{
"model": "financial services data integration hub",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.10"
},
{
"model": "utilities framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.1"
},
{
"model": "financial services funds transfer pricing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "hospitality reporting and analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "jquery",
"scope": "lt",
"trust": 1.0,
"vendor": "jquery",
"version": "3.0.0"
},
{
"model": "utilities mobile workforce management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "communications webrtc session controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.8.0"
},
{
"model": "retail workforce management software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.64.0"
},
{
"model": "financial services data integration hub",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services funds transfer pricing",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services liquidity risk management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.11"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3"
},
{
"model": "financial services liquidity risk management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "communications services gatekeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "real-time scheduler",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.9,
"vendor": "jquery",
"version": "1.6.3"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.9,
"vendor": "jquery",
"version": "1.6.2"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.9,
"vendor": "jquery",
"version": "1.6.1"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.9,
"vendor": "jquery",
"version": "1.4.2"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.9,
"vendor": "jquery",
"version": "1.8.1"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.9,
"vendor": "jquery",
"version": "1.8.0"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.9,
"vendor": "jquery",
"version": "1.7.2"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.9,
"vendor": "jquery",
"version": "1.7.1"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.9,
"vendor": "jquery",
"version": "1.6.4"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.9,
"vendor": "jquery",
"version": "1.6"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "utilities mobile workforce management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.4"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1"
},
{
"model": "retail workforce management software",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.64"
},
{
"model": "real-time scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "hospitality reporting and analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.4"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.3"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "diagnostic assistant",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.12"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications converged application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.8"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.7.1"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.6"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.3,
"vendor": "jquery",
"version": "1.9"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.3,
"vendor": "jquery",
"version": "1.2.6"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.3,
"vendor": "jquery",
"version": "2.2"
},
{
"model": "jquery",
"scope": "eq",
"trust": 0.3,
"vendor": "jquery",
"version": "2.1"
},
{
"model": "intouch access anywhere update",
"scope": "eq",
"trust": 0.3,
"vendor": "aveva",
"version": "20172"
},
{
"model": "intouch access anywhere",
"scope": "eq",
"trust": 0.3,
"vendor": "aveva",
"version": "2017"
},
{
"model": "diagnostic assistant",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "2.12.36"
},
{
"model": "communications webrtc session controller",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications converged application server",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"model": "jquery",
"scope": "ne",
"trust": 0.3,
"vendor": "jquery",
"version": "3.0"
},
{
"model": "intouch access anywhere update 2b",
"scope": "ne",
"trust": 0.3,
"vendor": "aveva",
"version": "2017"
}
],
"sources": [
{
"db": "BID",
"id": "105658"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-798"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "PACKETSTORM",
"id": "156630"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "159353"
}
],
"trust": 0.6
},
"cve": "CVE-2015-9251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-9251",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-87212",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2015-9251",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-9251",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-798",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-87212",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-798"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. JQuery is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nVersions prior to JQuery 3.0.0 are vulnerable. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Public Key Infrastructure (PKI) Core contains fundamental packages\nrequired by Red Hat Certificate System. \n1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA\n1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1755831 - CVE-2019-16335 jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: ipa security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:3936-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3936\nIssue date: 2020-09-29\nCVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040\n CVE-2018-14042 CVE-2018-20676 CVE-2018-20677\n CVE-2019-8331 CVE-2019-11358 CVE-2020-1722\n CVE-2020-11022\n====================================================================\n1. Summary:\n\nAn update for ipa is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity\nmanagement, and authorization solution for both traditional and cloud-based\nenterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa\n(4.6.8). (BZ#1819725)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip. (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property\n(CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service\n(CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1404770 - ID Views: do not allow custom Views for the masters\n1545755 - ipa-replica-prepare should not update pki admin password. \n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. \n1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute\n1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1701972 - CVE-2019-11358 js-jquery: prototype pollution in object\u0027s prototype leading to denial of service or remote code execution or property injection\n1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6\n1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client\n1756568 - ipa-server-certinstall man page does not match built-in help. \n1758406 - KRA authentication fails when IPA CA has custom Subject DN\n1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements\n1771356 - Default client configuration breaks ssh in FIPS mode. \n1780548 - Man page ipa-cacert-manage does not display correctly on RHEL\n1782587 - add \"systemctl restart sssd\" to warning message when adding trust agents to replicas\n1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd\n1788907 - Renewed certs are not picked up by IPA CAs\n1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service\n1795890 - ipa-pkinit-manage enable fails on replica if it doesn\u0027t host the CA\n1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -\u003e 7.6 upgrade path as opposed to new RHEL 7.6 systems\n1817886 - ipa group-add-member: prevent adding IPA objects as external members\n1817918 - Secure tomcat AJP connector\n1817919 - Enable compat tree to provide information about AD users and groups on trust agents\n1817922 - covscan memory leaks report\n1817923 - IPA upgrade is failing with error \"Failed to get request: bus, object_path and dbus_interface must not be None.\"\n1817927 - host-add --password logs cleartext userpassword to Apache error log\n1819725 - Rebase IPA to latest 4.6.x version\n1825829 - ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1829787 - ipa service-del deletes the required principal when specified in lower/upper case\n1834385 - Man page syntax issue detected by rpminspect\n1842950 - ipa-adtrust-install fails when replica is offline\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nppc64:\nipa-client-4.6.8-5.el7.ppc64.rpm\nipa-debuginfo-4.6.8-5.el7.ppc64.rpm\n\nppc64le:\nipa-client-4.6.8-5.el7.ppc64le.rpm\nipa-debuginfo-4.6.8-5.el7.ppc64le.rpm\n\ns390x:\nipa-client-4.6.8-5.el7.s390x.rpm\nipa-debuginfo-4.6.8-5.el7.s390x.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-9251\nhttps://access.redhat.com/security/cve/CVE-2016-10735\nhttps://access.redhat.com/security/cve/CVE-2018-14040\nhttps://access.redhat.com/security/cve/CVE-2018-14042\nhttps://access.redhat.com/security/cve/CVE-2018-20676\nhttps://access.redhat.com/security/cve/CVE-2018-20677\nhttps://access.redhat.com/security/cve/CVE-2019-8331\nhttps://access.redhat.com/security/cve/CVE-2019-11358\nhttps://access.redhat.com/security/cve/CVE-2020-1722\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3Of/9zjgjWX9erEAQjmHBAAi+u4CgMbaduuYvMAMbNKqT/0X8Y02udQ\nmaW4rfZ6udfHWJ21h1VlD/INXHB3sBFC2vpXsgJD7dTkUsZYIx73LrQFkakTzIWc\nxSQalxNs+Fjh/ot/JMiKQzQUmZeu/vUYgVB81y+hczg5dys3q1mnu42GWe18sJIc\nFCY2R3mBTnFUZoc/3JDHeVRJU8eq51oqRgNaz+Fl+CoFkR81P6mD8wybIIAsBx14\nYkya/awQf+OuBCe5tqfTV1+KS2U4+tqiqapzALt7dhjfA9Jayc9/UvQjGCyrmGvP\n+BBBPSqGOS81jpPo0ouM3OtadWrGAWERMwtrR+POUp1rnMxy2kI0EpebnzSOtJy2\nxExPZtcTjjgWvIMDdrJJ5DXG6cP5j3GjyvFknmCtCqvXzo90gw73psi6roG+g/a8\nUyML+be8jnJK7571X3dz6OCYBExaHqM21ukUEfdvddszhw92J3fxmDm5+picETB9\ndZ++VtV1lCBOlKW1SDG/ggk7PeSRGTDL5IkekopO1w89r3QsfqyFudlsNT0dDgk7\n8Kzn8YpCWln1Kp0UbVushKRT+KllZRTKzXTBfiEWiYtQiwyL9zj/DrxagXXbiPe7\n5mZnk62sAdKya3On4ejgPQ8Nq8oKHzRfaig/CNaNiB00HgZcRdQokPQ9+DRnkdNS\nUR3S5ZAZvb8=SWQt\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. http://secureli.com/retirejs-vulnerabilities-identified-with-retirejs/\n\n\n\nI decided to scan RetireJS using its own codebase, and discovered the following issues in RetireJS:\n\n/home/omi/clients/retire/firefox/test/web/dojo.js\n\u21b3 dojo 1.4.2 has known vulnerabilities: severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released\n\n/home/omi/clients/retire/firefox/test/web/retire-example-0.0.1.js\n\u21b3 retire-example 0.0.1 has known vulnerabilities: severity: low; CVE: CVE-XXXX-XXXX, bug: 1234, summary: bug summary; http://github.com/eoftedal/retire.js/\n\n/home/omi/clients/retire/firefox/test/web/retire-example.js\n\u21b3 retire-example 0.0.1 has known vulnerabilities: severity: low; CVE: CVE-XXXX-XXXX, bug: 1234, summary: bug summary; http://github.com/eoftedal/retire.js/\n\n/home/omi/clients/retire/node/spec/tests/contentscan.spec.js\n\u21b3 jquery 1.8.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9251"
},
{
"db": "BID",
"id": "105658"
},
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "PACKETSTORM",
"id": "156630"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "153237"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-9251",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-212-04",
"trust": 2.0
},
{
"db": "BID",
"id": "105658",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "153237",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "156743",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "152787",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2019-08",
"trust": 1.7
},
{
"db": "PULSESECURE",
"id": "SA44601",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "159353",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159852",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170821",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156630",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156315",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170823",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201801-798",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1016",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0832",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0585",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3165",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3875",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0583",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0494",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1512",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1519",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3267",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0465",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3902",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4294",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1225",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2525",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSMA-21-187-01",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-097-01",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "170817",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159876",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170819",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-98926",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-87212",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "BID",
"id": "105658"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "PACKETSTORM",
"id": "156630"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "153237"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-798"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"id": "VAR-201801-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T19:52:30.043000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "jQuery Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=77976"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-798"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/105658"
},
{
"trust": 2.9,
"url": "http://packetstormsecurity.com/files/152787/dotcms-5.1.1-vulnerable-dependencies.html"
},
{
"trust": 2.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/153237/retirejs-cors-issue-script-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/156743/octobercms-insecure-dependencies.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2020:0481"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 2.0,
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"trust": 2.0,
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-212-04"
},
{
"trust": 2.0,
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/securitybulletin_lfsec126.pdf"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.8,
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2020:0729"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/may/18"
},
{
"trust": 1.7,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44601"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/may/13"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/may/11"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/may/10"
},
{
"trust": 1.7,
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"trust": 1.7,
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3cuser.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3cuser.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3ccommits.roller.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3cuser.flink.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://jquery.org/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3cuser.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3cuser.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3cuser.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3ccommits.roller.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1105515"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1105509"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1105479"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106577"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10874666"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-18-013"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10967469"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-cross-site-scripting-vulnerability-in-jquery-affects-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159353/red-hat-security-advisory-2020-3936-01.html"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10878200"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-swagger-ui-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4294/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-and-vulnerable-library-jquery-v1-11-1-affects-ibm-engineering-workflow-management/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-swagger-ui-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0465"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156630/red-hat-security-advisory-2020-0729-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78866"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1105497"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3875/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1016/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1519"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3902/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0585"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2525"
},
{
"trust": 0.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ibm10874666"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0583"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79122"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0494/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78794"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156315/red-hat-security-advisory-2020-0481-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3267/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3368/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3165/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1512"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-8331"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-10735"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14041"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18214"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14041"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-18214"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3143"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1722"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20676"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1722"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20676"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20677"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0552"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/softwaredetail.html?softwareidp381\u0026product\\xdata.grid\u0026version=7.3\u0026downloadtype=patches"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4670"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3936"
},
{
"trust": 0.1,
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"trust": 0.1,
"url": "https://github.com/dojo/dojo/pull/307"
},
{
"trust": 0.1,
"url": "http://bugs.jquery.com/ticket/11290"
},
{
"trust": 0.1,
"url": "http://secureli.com/retirejs-vulnerabilities-identified-with-retirejs/"
},
{
"trust": 0.1,
"url": "https://dojotoolkit.org/blog/dojo-1-14-released"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6708"
},
{
"trust": 0.1,
"url": "http://research.insecurelabs.org/jquery/test/"
},
{
"trust": 0.1,
"url": "http://github.com/eoftedal/retire.js/"
},
{
"trust": 0.1,
"url": "https://bugs.jquery.com/ticket/11974"
},
{
"trust": 0.1,
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"trust": 0.1,
"url": "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "BID",
"id": "105658"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "PACKETSTORM",
"id": "156630"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "153237"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-798"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "BID",
"id": "105658"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "PACKETSTORM",
"id": "156630"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "153237"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-798"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-87212"
},
{
"date": "2018-01-18T00:00:00",
"db": "BID",
"id": "105658"
},
{
"date": "2020-11-04T15:29:15",
"db": "PACKETSTORM",
"id": "159852"
},
{
"date": "2023-01-31T17:21:40",
"db": "PACKETSTORM",
"id": "170821"
},
{
"date": "2023-01-31T17:16:43",
"db": "PACKETSTORM",
"id": "170817"
},
{
"date": "2020-03-05T14:42:33",
"db": "PACKETSTORM",
"id": "156630"
},
{
"date": "2020-11-04T15:32:52",
"db": "PACKETSTORM",
"id": "159876"
},
{
"date": "2020-09-30T15:44:20",
"db": "PACKETSTORM",
"id": "159353"
},
{
"date": "2019-06-07T16:22:22",
"db": "PACKETSTORM",
"id": "153237"
},
{
"date": "2018-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-798"
},
{
"date": "2018-01-18T23:29:00.307000",
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-87212"
},
{
"date": "2019-07-17T07:00:00",
"db": "BID",
"id": "105658"
},
{
"date": "2023-02-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-798"
},
{
"date": "2024-11-21T02:40:09.093000",
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-798"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "jQuery Cross-site scripting vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-798"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-798"
}
],
"trust": 0.6
}
}
CVE-2022-23854 (GCVE-0-2022-23854)
Vulnerability from nvd – Published: 2022-12-23 20:50 – Updated: 2025-02-13 16:32
VLAI?
Summary
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Severity ?
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVEVA | InTouch Access Anywhere |
Affected:
0 , ≤ 2020 R2
(custom)
|
Credits
Jens Regel
CRISEC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T19:54:16.848429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:54:26.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "InTouch Access Anywhere",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2020 R2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jens Regel"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "CRISEC"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server. \u003c/span\u003e"
}
],
"value": "AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T18:15:25.245Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02"
},
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf"
},
{
"url": "https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends users apply the following hotfixes: \u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eInTouch Access Anywhere Secure Gateway 2020 R2 (version 20.1.0) Hotfix. \u003c/li\u003e\u003cli\u003eInTouch Access Anywhere Secure Gateway 2020b (version 20.0.1) Hotfix.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "AVEVA recommends users apply the following hotfixes: \u00a0\n\n * InTouch Access Anywhere Secure Gateway 2020 R2 (version 20.1.0) Hotfix. \n * InTouch Access Anywhere Secure Gateway 2020b (version 20.0.1) Hotfix."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-23854",
"datePublished": "2022-12-23T20:50:24.757Z",
"dateReserved": "2022-01-24T01:31:26.578Z",
"dateUpdated": "2025-02-13T16:32:24.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23854 (GCVE-0-2022-23854)
Vulnerability from cvelistv5 – Published: 2022-12-23 20:50 – Updated: 2025-02-13 16:32
VLAI?
Summary
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Severity ?
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVEVA | InTouch Access Anywhere |
Affected:
0 , ≤ 2020 R2
(custom)
|
Credits
Jens Regel
CRISEC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T19:54:16.848429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:54:26.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "InTouch Access Anywhere",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2020 R2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jens Regel"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "CRISEC"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server. \u003c/span\u003e"
}
],
"value": "AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T18:15:25.245Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02"
},
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf"
},
{
"url": "https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends users apply the following hotfixes: \u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eInTouch Access Anywhere Secure Gateway 2020 R2 (version 20.1.0) Hotfix. \u003c/li\u003e\u003cli\u003eInTouch Access Anywhere Secure Gateway 2020b (version 20.0.1) Hotfix.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "AVEVA recommends users apply the following hotfixes: \u00a0\n\n * InTouch Access Anywhere Secure Gateway 2020 R2 (version 20.1.0) Hotfix. \n * InTouch Access Anywhere Secure Gateway 2020b (version 20.0.1) Hotfix."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-23854",
"datePublished": "2022-12-23T20:50:24.757Z",
"dateReserved": "2022-01-24T01:31:26.578Z",
"dateUpdated": "2025-02-13T16:32:24.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}