Vulnerability-Lookup

CVE-2016-10735 (GCVE-0-2016-10735)

Vulnerability from cvelistv5 – Published: 2019-01-09 05:00 – Updated: 2024-08-06 03:30

Summary

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

13 references

URL	Tags
https://github.com/twbs/bootstrap/issues/27915#is…	x_refsource_MISC
https://github.com/twbs/bootstrap/pull/26460	x_refsource_MISC
https://github.com/twbs/bootstrap/issues/20184	x_refsource_MISC
https://github.com/twbs/bootstrap/pull/23687	x_refsource_MISC
https://github.com/twbs/bootstrap/pull/23679	x_refsource_MISC
https://blog.getbootstrap.com/2018/12/13/bootstra…	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:1456	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:1076	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:1570	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3023	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0132	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0133	vendor-advisoryx_refsource_REDHAT
https://www.tenable.com/security/tns-2021-14	x_refsource_CONFIRM

Date Public

2019-01-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:30:20.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/twbs/bootstrap/pull/26460"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/twbs/bootstrap/issues/20184"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/twbs/bootstrap/pull/23687"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/twbs/bootstrap/pull/23679"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"
          },
          {
            "name": "RHSA-2019:1456",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1456"
          },
          {
            "name": "RHBA-2019:1076",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:1076"
          },
          {
            "name": "RHBA-2019:1570",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:1570"
          },
          {
            "name": "RHSA-2019:3023",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3023"
          },
          {
            "name": "RHSA-2020:0132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0132"
          },
          {
            "name": "RHSA-2020:0133",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0133"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T17:06:28.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/twbs/bootstrap/pull/26460"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/twbs/bootstrap/issues/20184"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/twbs/bootstrap/pull/23687"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/twbs/bootstrap/pull/23679"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"
        },
        {
          "name": "RHSA-2019:1456",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1456"
        },
        {
          "name": "RHBA-2019:1076",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:1076"
        },
        {
          "name": "RHBA-2019:1570",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:1570"
        },
        {
          "name": "RHSA-2019:3023",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3023"
        },
        {
          "name": "RHSA-2020:0132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0132"
        },
        {
          "name": "RHSA-2020:0133",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0133"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10735",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906",
              "refsource": "MISC",
              "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"
            },
            {
              "name": "https://github.com/twbs/bootstrap/pull/26460",
              "refsource": "MISC",
              "url": "https://github.com/twbs/bootstrap/pull/26460"
            },
            {
              "name": "https://github.com/twbs/bootstrap/issues/20184",
              "refsource": "MISC",
              "url": "https://github.com/twbs/bootstrap/issues/20184"
            },
            {
              "name": "https://github.com/twbs/bootstrap/pull/23687",
              "refsource": "MISC",
              "url": "https://github.com/twbs/bootstrap/pull/23687"
            },
            {
              "name": "https://github.com/twbs/bootstrap/pull/23679",
              "refsource": "MISC",
              "url": "https://github.com/twbs/bootstrap/pull/23679"
            },
            {
              "name": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/",
              "refsource": "MISC",
              "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"
            },
            {
              "name": "RHSA-2019:1456",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1456"
            },
            {
              "name": "RHBA-2019:1076",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:1076"
            },
            {
              "name": "RHBA-2019:1570",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:1570"
            },
            {
              "name": "RHSA-2019:3023",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3023"
            },
            {
              "name": "RHSA-2020:0132",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0132"
            },
            {
              "name": "RHSA-2020:0133",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0133"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10735",
    "datePublished": "2019-01-09T05:00:00.000Z",
    "dateReserved": "2019-01-08T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:30:20.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-10735",
      "date": "2026-05-28",
      "epss": "0.05476",
      "percentile": "0.90327"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-10735\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-01-09T05:29:00.883\",\"lastModified\":\"2024-11-21T02:44:37.590\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.\"},{\"lang\":\"es\",\"value\":\"En las versiones de Bootstrap anteriores a la 3.4.0 y en las 4.x-beta anteriores a la 4.0.0-beta.2, Cross-Site Scripting (XSS) es posible en el atributo \\\"data-target\\\". Se trata de una vulnerabilidad diferente de CVE-2018-14041.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.4.0\",\"matchCriteriaId\":\"8497B424-E8CC-4FEF-844B-FE33F2C18E6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E15817-0A5D-4C30-9A3C-F85F275E78DC\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHBA-2019:1076\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:1570\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1456\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3023\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0132\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0133\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/issues/20184\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/pull/23679\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/pull/23687\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/pull/26460\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:1076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:1570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/issues/20184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/pull/23679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/pull/23687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/pull/26460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

alsa-2020:4670

Vulnerability from osv_almalinux

Published

2020-11-03 12:25

Modified

2022-04-29 15:25

Summary

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

Details

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)

Security Fix(es):

js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
ipa: No password length restriction leads to denial of service (CVE-2020-1722)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2020-4670.html	ADVISORY
	https://vulners.com/cve/CVE-2015-9251	REPORT
	https://vulners.com/cve/CVE-2016-10735	REPORT
	https://vulners.com/cve/CVE-2018-14040	REPORT
	https://vulners.com/cve/CVE-2018-14042	REPORT
	https://vulners.com/cve/CVE-2018-20676	REPORT
	https://vulners.com/cve/CVE-2018-20677	REPORT
	https://vulners.com/cve/CVE-2019-11358	REPORT
	https://vulners.com/cve/CVE-2019-8331	REPORT
	https://vulners.com/cve/CVE-2020-11022	REPORT
	https://vulners.com/cve/CVE-2020-1722	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "custodia"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0-3.module_el8.6.0+2881+2f24dc92"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-custodia"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0-3.module_el8.6.0+2881+2f24dc92"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-jwcrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.0-1.module_el8.5.0+2641+983b221b"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-jwcrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.0-1.module_el8.6.0+2881+2f24dc92"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-jwcrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.0-1.module_el8.6.0+2737+7e73ea90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-kdcproxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4-5.module_el8.6.0+2881+2f24dc92"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-pyusb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0-9.module_el8.5.0+2641+983b221b"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-pyusb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0-9.module_el8.6.0+2881+2f24dc92"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-pyusb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0-9.module_el8.6.0+2737+7e73ea90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-qrcode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1-12.module_el8.6.0+2881+2f24dc92"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-qrcode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1-12.module_el8.5.0+2641+983b221b"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-qrcode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1-12.module_el8.6.0+2737+7e73ea90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-qrcode-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1-12.module_el8.6.0+2737+7e73ea90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-qrcode-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1-12.module_el8.6.0+2881+2f24dc92"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-qrcode-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1-12.module_el8.5.0+2641+983b221b"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-yubico"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.2-9.module_el8.5.0+2641+983b221b"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-yubico"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.2-9.module_el8.6.0+2737+7e73ea90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-yubico"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.2-9.module_el8.6.0+2881+2f24dc92"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2020:4670",
  "modified": "2022-04-29T15:25:47Z",
  "published": "2020-11-03T12:25:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-4670.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2015-9251"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2016-10735"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2018-14040"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2018-14042"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2018-20676"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2018-20677"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11358"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8331"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11022"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-1722"
    }
  ],
  "related": [
    "CVE-2015-9251",
    "CVE-2016-10735",
    "CVE-2018-14040",
    "CVE-2018-14042",
    "CVE-2018-20676",
    "CVE-2018-20677",
    "CVE-2019-8331",
    "CVE-2019-11358",
    "CVE-2020-11022",
    "CVE-2020-1722"
  ],
  "summary": "Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update"
}

CERTFR-2021-AVI-571

Vulnerability from certfr_avis - Published: 2021-07-23 - Updated: 2021-07-23

De multiples vulnérabilités ont été découvertes dans Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	N/A	Tenable.sc versions antérieures à 5.19.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2021-14 du 22 juillet 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.19.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-14042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
    },
    {
      "name": "CVE-2020-7060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7060"
    },
    {
      "name": "CVE-2019-11048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11048"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2020-13632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
    },
    {
      "name": "CVE-2019-11041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11041"
    },
    {
      "name": "CVE-2020-7071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7071"
    },
    {
      "name": "CVE-2019-11045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11045"
    },
    {
      "name": "CVE-2021-21704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21704"
    },
    {
      "name": "CVE-2020-7070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7070"
    },
    {
      "name": "CVE-2020-7069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7069"
    },
    {
      "name": "CVE-2019-11046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11046"
    },
    {
      "name": "CVE-2020-7063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7063"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2019-19646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2021-21705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21705"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2021-23358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
    },
    {
      "name": "CVE-2020-11656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
    },
    {
      "name": "CVE-2020-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7068"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2019-11044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11044"
    },
    {
      "name": "CVE-2020-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7064"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2017-5661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5661"
    },
    {
      "name": "CVE-2019-11047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11047"
    },
    {
      "name": "CVE-2020-7067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7067"
    },
    {
      "name": "CVE-2020-7062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7062"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2019-11043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"
    },
    {
      "name": "CVE-2020-7065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7065"
    },
    {
      "name": "CVE-2019-11050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11050"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2020-7066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7066"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2019-19645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
    },
    {
      "name": "CVE-2020-11655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
    },
    {
      "name": "CVE-2019-16168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
    },
    {
      "name": "CVE-2020-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7061"
    },
    {
      "name": "CVE-2020-7059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7059"
    },
    {
      "name": "CVE-2019-11042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11042"
    },
    {
      "name": "CVE-2019-11049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11049"
    },
    {
      "name": "CVE-2021-21702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    }
  ],
  "initial_release_date": "2021-07-23T00:00:00",
  "last_revision_date": "2021-07-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-571",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2021-14 du 22 juillet 2021",
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ]
}

CERTFR-2023-AVI-0513

Vulnerability from certfr_avis - Published: 2023-07-07 - Updated: 2023-07-07

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, un déni de service, une injection de code indirecte à distance (XSS), une élévation de privilèges, un problème de sécurité non spécifié par l'éditeur, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct File Agent versions 1.4.x antérieures à 1.4.0.2_iFix042
IBM	Sterling Connect:Direct	BM Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.17
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.x antérieures à 6.2.0.4_iFix039
IBM	QRadar SIEM	IBM QRadar SIEM version 7.5.x antérieures à 7.5.0 UP6
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.x antérieures à 6.1.0.2_iFix064
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.x antérieures à 6.0.0.4_iFix068
IBM	N/A	IBM Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.19
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.0_iFix007

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7010099 du 06 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7009987 du 06 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7009301 du 07 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7010095 du 06 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.x ant\u00e9rieures \u00e0 1.4.0.2_iFix042",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "BM Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.17",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4_iFix039",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM version 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2_iFix064",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.4_iFix068",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.0_iFix007",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2021-3733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
    },
    {
      "name": "CVE-2023-28708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2021-23336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
    },
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2022-23521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2023-20861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
    },
    {
      "name": "CVE-2022-41903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41903"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
    },
    {
      "name": "CVE-2020-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
    },
    {
      "name": "CVE-2022-43750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2022-40149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2015-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0254"
    },
    {
      "name": "CVE-2022-40150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
    },
    {
      "name": "CVE-2022-45693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2019-9740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
    },
    {
      "name": "CVE-2022-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
    },
    {
      "name": "CVE-2022-40151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2021-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2023-25194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
    },
    {
      "name": "CVE-2022-38023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
    },
    {
      "name": "CVE-2023-20863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
    },
    {
      "name": "CVE-2019-18348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18348"
    },
    {
      "name": "CVE-2022-45685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
    },
    {
      "name": "CVE-2023-20859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20859"
    },
    {
      "name": "CVE-2022-34917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34917"
    },
    {
      "name": "CVE-2023-20860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2021-28861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2015-20107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
    },
    {
      "name": "CVE-2023-1999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1999"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    }
  ],
  "initial_release_date": "2023-07-07T00:00:00",
  "last_revision_date": "2023-07-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0513",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, un d\u00e9ni de service, une\ninjection de code indirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de\nprivil\u00e8ges, un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7010099 du 06 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7010099"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7009987 du 06 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7009987"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7009301 du 07 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7009301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7010095 du 06 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7010095"
    }
  ]
}

CERTFR-2024-AVI-1015

Vulnerability from certfr_avis - Published: 2024-11-22 - Updated: 2024-11-22

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les vulnérabilités CVE-2024-47875 et CVE-2024-45801 n'ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x

Impacted products

Vendor	Product	Description
IBM	QRadar	QRadar Pre-Validation App versions antérieures à 2.0.1
IBM	QRadar	QRadar Pulse App versions antérieures à 2.2.15
IBM	WebSphere	WebSphere Hybrid Edition sans le correctif APAR PH63533
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.25
IBM	AIX	AIX version 7.3 sans le correctif bind_fix27/73bind918.tar
IBM	VIOS	VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar
IBM	WebSphere	WebSphere Application Server Liberty sans le correctif APAR PH63533
IBM	Cloud Pak System	Cloud Pak System versions antérieures à 2.3.5.0 pour Power avec le correctif PH60195/PH61002
IBM	AIX	AIX version 7.2 sans le correctif bind_fix27/72bind918.tar
IBM	VIOS	VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.26
IBM	Cloud Pak System	Cloud Pak System versions antérieures à 2.3.4.1 pour Intel avec le correctif PH60195/PH61002
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11
IBM	QRadar	QRadar User Behavior Analytics versions antérieures à 4.1.17

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7176657	2024-11-20	vendor-advisory
Bulletin de sécurité IBM 7176642	2024-11-20	vendor-advisory
Bulletin de sécurité IBM 7176660	2024-11-20	vendor-advisory
Bulletin de sécurité IBM 7176201	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176391	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176392	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176386	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176389	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176451	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176388	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176205	2024-11-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.15",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Hybrid Edition sans le correctif APAR PH63533",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.25",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX version 7.3 sans le correctif bind_fix27/73bind918.tar",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty sans le correctif APAR PH63533",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.5.0 pour Power avec le correctif PH60195/PH61002",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX version 7.2 sans le correctif bind_fix27/72bind918.tar",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.26",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.4.1 pour Intel avec le correctif PH60195/PH61002",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.17",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Les vuln\u00e9rabilit\u00e9s CVE-2024-47875 et CVE-2024-45801 n\u0027ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2024-43788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
    },
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2024-47831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
    },
    {
      "name": "CVE-2024-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-34351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34351"
    },
    {
      "name": "CVE-2024-34069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2024-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2024-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
    },
    {
      "name": "CVE-2024-46982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46982"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2024-45801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2023-51775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
    },
    {
      "name": "CVE-2024-5569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
    },
    {
      "name": "CVE-2024-47875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
    },
    {
      "name": "CVE-2018-14041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2024-22354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
    },
    {
      "name": "CVE-2024-39689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
    },
    {
      "name": "CVE-2023-26159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    }
  ],
  "initial_release_date": "2024-11-22T00:00:00",
  "last_revision_date": "2024-11-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-11-20",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176657",
      "url": "https://www.ibm.com/support/pages/node/7176657"
    },
    {
      "published_at": "2024-11-20",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176642",
      "url": "https://www.ibm.com/support/pages/node/7176642"
    },
    {
      "published_at": "2024-11-20",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176660",
      "url": "https://www.ibm.com/support/pages/node/7176660"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176201",
      "url": "https://www.ibm.com/support/pages/node/7176201"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176391",
      "url": "https://www.ibm.com/support/pages/node/7176391"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176392",
      "url": "https://www.ibm.com/support/pages/node/7176392"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176386",
      "url": "https://www.ibm.com/support/pages/node/7176386"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176389",
      "url": "https://www.ibm.com/support/pages/node/7176389"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176451",
      "url": "https://www.ibm.com/support/pages/node/7176451"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176388",
      "url": "https://www.ibm.com/support/pages/node/7176388"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176205",
      "url": "https://www.ibm.com/support/pages/node/7176205"
    }
  ]
}

CERTFR-2024-AVI-1030

Vulnerability from certfr_avis - Published: 2024-11-29 - Updated: 2024-11-29

De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	IBM	QRadar	QRadar User Behavior Analytics versions 1.x à 4.1.x antérieures à 4.1.17

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7176642

2024-11-20

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar User Behavior Analytics versions 1.x \u00e0 4.1.x ant\u00e9rieures \u00e0 4.1.17",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2024-43788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
    },
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2024-47831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2024-34069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2024-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2024-45801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
    },
    {
      "name": "CVE-2024-5569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
    },
    {
      "name": "CVE-2024-47875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
    },
    {
      "name": "CVE-2018-14041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2024-39689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    }
  ],
  "initial_release_date": "2024-11-29T00:00:00",
  "last_revision_date": "2024-11-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1030",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
  "vendor_advisories": [
    {
      "published_at": "2024-11-20",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176642",
      "url": "https://www.ibm.com/support/pages/node/7176642"
    }
  ]
}

CERTFR-2024-AVI-1103

Vulnerability from certfr_avis - Published: 2024-12-20 - Updated: 2024-12-20

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4
IBM	Sterling	Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 ifix 01
IBM	QRadar SIEM	Security QRadar Log Management AQL Plugin versions antérieures à 1.1.0
IBM	Sterling	Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 (fixpack) GA
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5
IBM	Sterling	Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 (fixpack) GA
IBM	Sterling	Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.0 ifix 01
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11_ifix001

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7177142	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7177223	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7179044	2024-12-16	vendor-advisory
Bulletin de sécurité IBM 7179156	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7179166	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7178835	2024-12-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 ifix 01",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": " Security QRadar Log Management AQL Plugin versions ant\u00e9rieures \u00e0 1.1.0",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 (fixpack) GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 (fixpack) GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.0 ifix 01",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11_ifix001",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2017-9937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
    },
    {
      "name": "CVE-2023-52356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
    },
    {
      "name": "CVE-2023-41334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41334"
    },
    {
      "name": "CVE-2023-37536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2024-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22871"
    },
    {
      "name": "CVE-2024-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
    },
    {
      "name": "CVE-2023-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
    },
    {
      "name": "CVE-2024-36138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
    },
    {
      "name": "CVE-2018-14042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
    },
    {
      "name": "CVE-2024-29041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2024-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
    },
    {
      "name": "CVE-2022-3626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
    },
    {
      "name": "CVE-2023-38264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
    },
    {
      "name": "CVE-2024-22201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
    },
    {
      "name": "CVE-2020-12401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
    },
    {
      "name": "CVE-2018-15209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15209"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2018-17100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17100"
    },
    {
      "name": "CVE-2022-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
    },
    {
      "name": "CVE-2022-34266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34266"
    },
    {
      "name": "CVE-2020-35521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35521"
    },
    {
      "name": "CVE-2023-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
    },
    {
      "name": "CVE-2023-50386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
    },
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2024-23944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
    },
    {
      "name": "CVE-2022-48554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
    },
    {
      "name": "CVE-2024-39008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2024-28757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
    },
    {
      "name": "CVE-2023-30086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
    },
    {
      "name": "CVE-2019-11727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
    },
    {
      "name": "CVE-2024-25638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
    },
    {
      "name": "CVE-2022-2057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
    },
    {
      "name": "CVE-2019-6128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6128"
    },
    {
      "name": "CVE-2023-26965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2023-52426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
    },
    {
      "name": "CVE-2022-2058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
    },
    {
      "name": "CVE-2024-45082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45082"
    },
    {
      "name": "CVE-2023-50782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
    },
    {
      "name": "CVE-2022-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
    },
    {
      "name": "CVE-2022-2867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2022-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
    },
    {
      "name": "CVE-2023-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
    },
    {
      "name": "CVE-2019-11358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
    },
    {
      "name": "CVE-2023-2731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
    },
    {
      "name": "CVE-2023-0803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-30774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
    },
    {
      "name": "CVE-2023-4759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4759"
    },
    {
      "name": "CVE-2017-11613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11613"
    },
    {
      "name": "CVE-2017-12652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
    },
    {
      "name": "CVE-2024-41752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41752"
    },
    {
      "name": "CVE-2023-50447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
    },
    {
      "name": "CVE-2018-18508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18508"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2024-33883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2022-22844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
    },
    {
      "name": "CVE-2014-1544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1544"
    },
    {
      "name": "CVE-2023-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4421"
    },
    {
      "name": "CVE-2023-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
    },
    {
      "name": "CVE-2023-4813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2023-50298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2023-50292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50292"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2023-0802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
    },
    {
      "name": "CVE-2022-2056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2020-25648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
    },
    {
      "name": "CVE-2019-17023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
    },
    {
      "name": "CVE-2022-21699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
    },
    {
      "name": "CVE-2024-28176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2019-17007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17007"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2023-51074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2023-38289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38289"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2020-23064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2015-7182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7182"
    },
    {
      "name": "CVE-2022-23990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
    },
    {
      "name": "CVE-2018-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16335"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2021-36770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
    },
    {
      "name": "CVE-2020-19144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19144"
    },
    {
      "name": "CVE-2023-3164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
    },
    {
      "name": "CVE-2022-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2017-12627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12627"
    },
    {
      "name": "CVE-2018-17101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17101"
    },
    {
      "name": "CVE-2023-50291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2020-26261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26261"
    },
    {
      "name": "CVE-2023-24816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24816"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2023-0801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
    },
    {
      "name": "CVE-2022-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
    },
    {
      "name": "CVE-2019-17546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17546"
    },
    {
      "name": "CVE-2022-2869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
    },
    {
      "name": "CVE-2022-3479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3479"
    },
    {
      "name": "CVE-2023-40745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
    },
    {
      "name": "CVE-2024-27982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2020-15110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15110"
    },
    {
      "name": "CVE-2023-25435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25435"
    },
    {
      "name": "CVE-2024-37372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
    },
    {
      "name": "CVE-2021-38153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
    },
    {
      "name": "CVE-2023-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2017-18869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18869"
    },
    {
      "name": "CVE-2022-0562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
    },
    {
      "name": "CVE-2023-38325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
    },
    {
      "name": "CVE-2019-11719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
    },
    {
      "name": "CVE-2022-0891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0891"
    },
    {
      "name": "CVE-2018-7456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7456"
    },
    {
      "name": "CVE-2023-38288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38288"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2023-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
    },
    {
      "name": "CVE-2019-17006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
    },
    {
      "name": "CVE-2020-12403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
    },
    {
      "name": "CVE-2023-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
    },
    {
      "name": "CVE-2023-6228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
    },
    {
      "name": "CVE-2021-46848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2023-0795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2023-50495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
    },
    {
      "name": "CVE-2017-18013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18013"
    },
    {
      "name": "CVE-2023-25194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2016-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1938"
    },
    {
      "name": "CVE-2017-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11698"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2024-38337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38337"
    },
    {
      "name": "CVE-2018-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
    },
    {
      "name": "CVE-2018-12404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
    },
    {
      "name": "CVE-2019-14973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14973"
    },
    {
      "name": "CVE-2020-36191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36191"
    },
    {
      "name": "CVE-2024-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
    },
    {
      "name": "CVE-2023-0804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
    },
    {
      "name": "CVE-2023-30775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30775"
    },
    {
      "name": "CVE-2023-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
    },
    {
      "name": "CVE-2018-14041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
    },
    {
      "name": "CVE-2023-1916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2020-19131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19131"
    },
    {
      "name": "CVE-2015-7575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7575"
    },
    {
      "name": "CVE-2023-41175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2018-5784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5784"
    },
    {
      "name": "CVE-2018-17000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17000"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2023-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
    },
    {
      "name": "CVE-2023-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
    },
    {
      "name": "CVE-2020-35523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35523"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2022-34749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2020-19189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
    },
    {
      "name": "CVE-2022-0908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
    },
    {
      "name": "CVE-2023-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-11729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
    },
    {
      "name": "CVE-2024-34102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    },
    {
      "name": "CVE-2021-32862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32862"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2024-4367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"
    },
    {
      "name": "CVE-2024-25016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25016"
    },
    {
      "name": "CVE-2022-40090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
    },
    {
      "name": "CVE-2023-25434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25434"
    },
    {
      "name": "CVE-2024-29896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29896"
    },
    {
      "name": "CVE-2015-7181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7181"
    },
    {
      "name": "CVE-2020-18768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-18768"
    },
    {
      "name": "CVE-2022-34526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
    },
    {
      "name": "CVE-2022-2868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
    },
    {
      "name": "CVE-2017-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
    },
    {
      "name": "CVE-2014-1569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1569"
    },
    {
      "name": "CVE-2020-12400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2017-11695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11695"
    },
    {
      "name": "CVE-2023-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2020-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
    },
    {
      "name": "CVE-2017-11697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11697"
    },
    {
      "name": "CVE-2023-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
    },
    {
      "name": "CVE-2023-5388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
    },
    {
      "name": "CVE-2024-27980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2024-51504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
    },
    {
      "name": "CVE-2018-19210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19210"
    },
    {
      "name": "CVE-2013-2099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2099"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2019-10255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10255"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2020-35524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35524"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    },
    {
      "name": "CVE-2024-36137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
    },
    {
      "name": "CVE-2020-35522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35522"
    },
    {
      "name": "CVE-2022-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
    },
    {
      "name": "CVE-2017-11696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11696"
    },
    {
      "name": "CVE-2022-0561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
    }
  ],
  "initial_release_date": "2024-12-20T00:00:00",
  "last_revision_date": "2024-12-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1103",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177142",
      "url": "https://www.ibm.com/support/pages/node/7177142"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177223",
      "url": "https://www.ibm.com/support/pages/node/7177223"
    },
    {
      "published_at": "2024-12-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179044",
      "url": "https://www.ibm.com/support/pages/node/7179044"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179156",
      "url": "https://www.ibm.com/support/pages/node/7179156"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179166",
      "url": "https://www.ibm.com/support/pages/node/7179166"
    },
    {
      "published_at": "2024-12-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7178835",
      "url": "https://www.ibm.com/support/pages/node/7178835"
    }
  ]
}

CNVD-2019-23272

Vulnerability from cnvd - Published: 2019-07-18

Title

Bootstrap跨站脚本漏洞（CNVD-2019-23272）

Description

Bootstrap是一款使用HTML、CSS和JavaScript开发的开源Web前端框架。 Bootstrap 3.4.0之前的3.x版本和4.0.0-beta.2之前的4.x-beta版本中的data-target属性存在跨站脚本漏洞，远程攻击者可利用该漏洞注入任意的Web脚本或HTML。

Severity

中

Patch Name

Bootstrap跨站脚本漏洞（CNVD-2019-23272）的补丁

Patch Description

Bootstrap是一款使用HTML、CSS和JavaScript开发的开源Web前端框架。 Bootstrap 3.4.0之前的3.x版本和4.0.0-beta.2之前的4.x-beta版本中的data-target属性存在跨站脚本漏洞，远程攻击者可利用该漏洞注入任意的Web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/

Reference

https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/

Impacted products

Name
['virt-bootstrap virt-bootstrap 1.1.0', 'Bootstrap Bootstrap 4.*-beta，<4.0.0-beta.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-10735",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735"
    }
  },
  "description": "Bootstrap\u662f\u4e00\u6b3e\u4f7f\u7528HTML\u3001CSS\u548cJavaScript\u5f00\u53d1\u7684\u5f00\u6e90Web\u524d\u7aef\u6846\u67b6\u3002\n\nBootstrap 3.4.0\u4e4b\u524d\u76843.x\u7248\u672c\u548c4.0.0-beta.2\u4e4b\u524d\u76844.x-beta\u7248\u672c\u4e2d\u7684data-target\u5c5e\u6027\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-23272",
  "openTime": "2019-07-18",
  "patchDescription": "Bootstrap\u662f\u4e00\u6b3e\u4f7f\u7528HTML\u3001CSS\u548cJavaScript\u5f00\u53d1\u7684\u5f00\u6e90Web\u524d\u7aef\u6846\u67b6\u3002\r\n\r\nBootstrap 3.4.0\u4e4b\u524d\u76843.x\u7248\u672c\u548c4.0.0-beta.2\u4e4b\u524d\u76844.x-beta\u7248\u672c\u4e2d\u7684data-target\u5c5e\u6027\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Bootstrap\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2019-23272\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "virt-bootstrap virt-bootstrap 1.1.0",
      "Bootstrap Bootstrap 4.*-beta\uff0c\u003c4.0.0-beta.2"
    ]
  },
  "referenceLink": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/",
  "serverity": "\u4e2d",
  "submitTime": "2019-01-11",
  "title": "Bootstrap\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2019-23272\uff09"
}

FKIE_CVE-2016-10735

Vulnerability from fkie_nvd - Published: 2019-01-09 05:29 - Updated: 2024-11-21 02:44

Severity

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

References

URL	Tags
cve@mitre.org	https://access.redhat.com/errata/RHBA-2019:1076
cve@mitre.org	https://access.redhat.com/errata/RHBA-2019:1570
cve@mitre.org	https://access.redhat.com/errata/RHSA-2019:1456
cve@mitre.org	https://access.redhat.com/errata/RHSA-2019:3023
cve@mitre.org	https://access.redhat.com/errata/RHSA-2020:0132
cve@mitre.org	https://access.redhat.com/errata/RHSA-2020:0133
cve@mitre.org	https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/	Release Notes, Third Party Advisory
cve@mitre.org	https://github.com/twbs/bootstrap/issues/20184	Exploit, Issue Tracking, Third Party Advisory
cve@mitre.org	https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906	Issue Tracking, Third Party Advisory
cve@mitre.org	https://github.com/twbs/bootstrap/pull/23679	Third Party Advisory
cve@mitre.org	https://github.com/twbs/bootstrap/pull/23687	Patch, Third Party Advisory
cve@mitre.org	https://github.com/twbs/bootstrap/pull/26460	Third Party Advisory
cve@mitre.org	https://www.tenable.com/security/tns-2021-14
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHBA-2019:1076
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHBA-2019:1570
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1456
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3023
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0132
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0133
af854a3a-2127-422b-91ae-364da2661108	https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/twbs/bootstrap/issues/20184	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/twbs/bootstrap/pull/23679	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/twbs/bootstrap/pull/23687	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/twbs/bootstrap/pull/26460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2021-14

Impacted products

	Vendor	Product	Version
	getbootstrap	bootstrap	*
	getbootstrap	bootstrap	4.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497B424-E8CC-4FEF-844B-FE33F2C18E6E",
              "versionEndExcluding": "3.4.0",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "C5E15817-0A5D-4C30-9A3C-F85F275E78DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041."
    },
    {
      "lang": "es",
      "value": "En las versiones de Bootstrap anteriores a la 3.4.0 y en las 4.x-beta anteriores a la 4.0.0-beta.2, Cross-Site Scripting (XSS) es posible en el atributo \"data-target\". Se trata de una vulnerabilidad diferente de CVE-2018-14041."
    }
  ],
  "id": "CVE-2016-10735",
  "lastModified": "2024-11-21T02:44:37.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T05:29:00.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHBA-2019:1076"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHBA-2019:1570"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:1456"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:3023"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2020:0132"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2020:0133"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/twbs/bootstrap/issues/20184"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/twbs/bootstrap/pull/23679"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/twbs/bootstrap/pull/23687"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/twbs/bootstrap/pull/26460"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.tenable.com/security/tns-2021-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHBA-2019:1076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHBA-2019:1570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2020:0132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2020:0133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/twbs/bootstrap/issues/20184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/twbs/bootstrap/pull/23679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/twbs/bootstrap/pull/23687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/twbs/bootstrap/pull/26460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-4P24-VMCR-4GQJ

Vulnerability from github – Published: 2019-01-17 13:57 – Updated: 2024-08-05 16:29

Summary

Bootstrap Cross-site Scripting vulnerability

Details

In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041.

See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.

Severity

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "bootstrap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.4"
            },
            {
              "fixed": "3.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "bootstrap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0-beta"
            },
            {
              "fixed": "4.0.0-beta.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.webjars:bootstrap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.4"
            },
            {
              "fixed": "3.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.webjars:bootstrap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0-beta"
            },
            {
              "fixed": "4.0.0-beta.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "bootstrap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0-beta.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "twbs/bootstrap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.4"
            },
            {
              "fixed": "3.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "twbs/bootstrap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0-beta"
            },
            {
              "fixed": "4.0.0-beta.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "bootstrap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.4"
            },
            {
              "fixed": "3.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "bootstrap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0-beta"
            },
            {
              "fixed": "4.0.0-beta.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "bootstrap-sass"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.4"
            },
            {
              "fixed": "3.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "bootstrap-sass"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.4"
            },
            {
              "fixed": "3.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "bootstrap.sass"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0-beta"
            },
            {
              "fixed": "4.0.0-beta.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-10735"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:58:39Z",
    "nvd_published_at": "2019-01-09T05:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041.\n\nSee https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.",
  "id": "GHSA-4p24-vmcr-4gqj",
  "modified": "2024-08-05T16:29:11Z",
  "published": "2019-01-17T13:57:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
    },
    {
      "type": "WEB",
      "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"
    },
    {
      "type": "WEB",
      "url": "https://github.com/twbs/bootstrap/issues/20184"
    },
    {
      "type": "WEB",
      "url": "https://github.com/twbs/bootstrap/pull/26460"
    },
    {
      "type": "WEB",
      "url": "https://github.com/twbs/bootstrap/pull/23687"
    },
    {
      "type": "WEB",
      "url": "https://github.com/twbs/bootstrap/pull/23679"
    },
    {
      "type": "WEB",
      "url": "https://github.com/github/advisory-database/pull/3281"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/twbs/bootstrap"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2016-10735.yml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2016-10735.yml"
    },
    {
      "type": "WEB",
      "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0"
    },
    {
      "type": "WEB",
      "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0133"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0132"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3023"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1456"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:1570"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:1076"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Bootstrap Cross-site Scripting vulnerability"
}

GSD-2016-10735

Vulnerability from gsd - Updated: 2016-07-27 00:00

Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute.

Aliases

CVE-2016-10735

Aliases

CVE-2016-10735

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-10735",
    "description": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
    "id": "GSD-2016-10735",
    "references": [
      "https://access.redhat.com/errata/RHSA-2020:5571",
      "https://access.redhat.com/errata/RHSA-2020:4847",
      "https://access.redhat.com/errata/RHSA-2020:4670",
      "https://access.redhat.com/errata/RHSA-2020:3936",
      "https://access.redhat.com/errata/RHSA-2020:0133",
      "https://access.redhat.com/errata/RHSA-2020:0132",
      "https://access.redhat.com/errata/RHBA-2019:4199",
      "https://access.redhat.com/errata/RHSA-2019:3023",
      "https://access.redhat.com/errata/RHBA-2019:1570",
      "https://access.redhat.com/errata/RHSA-2019:1456",
      "https://access.redhat.com/errata/RHBA-2019:1076",
      "https://linux.oracle.com/cve/CVE-2016-10735.html",
      "https://access.redhat.com/errata/RHSA-2023:0552",
      "https://access.redhat.com/errata/RHSA-2023:0553",
      "https://access.redhat.com/errata/RHSA-2023:0554",
      "https://access.redhat.com/errata/RHSA-2023:0556"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "bootstrap",
            "purl": "pkg:gem/bootstrap"
          }
        }
      ],
      "aliases": [
        "CVE-2016-10735"
      ],
      "details": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2,\nXSS is possible in the data-target attribute.\n",
      "id": "GSD-2016-10735",
      "modified": "2016-07-27T00:00:00.000Z",
      "published": "2016-07-27T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
        },
        {
          "type": "WEB",
          "url": "https://github.com/twbs/bootstrap/issues/20184"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 4.3,
          "type": "CVSS_V2"
        },
        {
          "score": 6.1,
          "type": "CVSS_V3"
        }
      ],
      "summary": "XSS vulnerability via data-target in bootstrap"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-10735",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906",
            "refsource": "MISC",
            "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"
          },
          {
            "name": "https://github.com/twbs/bootstrap/pull/26460",
            "refsource": "MISC",
            "url": "https://github.com/twbs/bootstrap/pull/26460"
          },
          {
            "name": "https://github.com/twbs/bootstrap/issues/20184",
            "refsource": "MISC",
            "url": "https://github.com/twbs/bootstrap/issues/20184"
          },
          {
            "name": "https://github.com/twbs/bootstrap/pull/23687",
            "refsource": "MISC",
            "url": "https://github.com/twbs/bootstrap/pull/23687"
          },
          {
            "name": "https://github.com/twbs/bootstrap/pull/23679",
            "refsource": "MISC",
            "url": "https://github.com/twbs/bootstrap/pull/23679"
          },
          {
            "name": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/",
            "refsource": "MISC",
            "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"
          },
          {
            "name": "RHSA-2019:1456",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:1456"
          },
          {
            "name": "RHBA-2019:1076",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHBA-2019:1076"
          },
          {
            "name": "RHBA-2019:1570",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHBA-2019:1570"
          },
          {
            "name": "RHSA-2019:3023",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3023"
          },
          {
            "name": "RHSA-2020:0132",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0132"
          },
          {
            "name": "RHSA-2020:0133",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0133"
          },
          {
            "name": "https://www.tenable.com/security/tns-2021-14",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2016-10735",
      "cvss_v2": 4.3,
      "cvss_v3": 6.1,
      "date": "2016-07-27",
      "description": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2,\nXSS is possible in the data-target attribute.\n",
      "gem": "bootstrap-sass",
      "patched_versions": [
        "\u003e= 3.4.0"
      ],
      "related": {
        "url": [
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      "title": "XSS vulnerability via data-target in bootstrap-sass",
      "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c3.4.0",
          "affected_versions": "All version before 3.4.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-07-22",
          "description": "In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
          "fixed_versions": [
            "3.4.0"
          ],
          "identifier": "CVE-2016-10735",
          "identifiers": [
            "CVE-2016-10735"
          ],
          "not_impacted": "All versions starting from 3.4.0",
          "package_slug": "gem/bootstrap-sass",
          "pubdate": "2019-01-09",
          "solution": "Upgrade to version 3.4.0 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
          ],
          "uuid": "85bbecfa-75cd-41ae-982f-9abd086ba2be"
        },
        {
          "affected_range": "\u003c3.4.0",
          "affected_versions": "All version before 3.4.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-07-22",
          "description": "In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
          "fixed_versions": [
            "3.4.0"
          ],
          "identifier": "CVE-2016-10735",
          "identifiers": [
            "CVE-2016-10735"
          ],
          "not_impacted": "All versions starting from 3.4.0",
          "package_slug": "gem/bootstrap",
          "pubdate": "2019-01-09",
          "solution": "Upgrade to version 3.4.0 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
          ],
          "uuid": "706a4860-0665-4976-8b65-8eebd3ec8253"
        },
        {
          "affected_range": "\u003e=3.0.0 \u003c3.4.0",
          "affected_versions": "All versions starting from 3.0.0 before 3.4.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-07-26",
          "description": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
          "fixed_versions": [
            "3.4.0"
          ],
          "identifier": "CVE-2016-10735",
          "identifiers": [
            "GHSA-4p24-vmcr-4gqj",
            "CVE-2016-10735"
          ],
          "not_impacted": "All versions before 3.0.0, all versions starting from 3.4.0",
          "package_slug": "npm/bootstrap",
          "pubdate": "2019-01-17",
          "solution": "Upgrade to version 3.4.0 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
            "https://github.com/twbs/bootstrap/issues/20184",
            "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906",
            "https://github.com/twbs/bootstrap/pull/23679",
            "https://github.com/twbs/bootstrap/pull/23687",
            "https://github.com/twbs/bootstrap/pull/26460",
            "https://access.redhat.com/errata/RHBA-2019:1076",
            "https://access.redhat.com/errata/RHBA-2019:1570",
            "https://access.redhat.com/errata/RHSA-2019:1456",
            "https://access.redhat.com/errata/RHSA-2019:3023",
            "https://access.redhat.com/errata/RHSA-2020:0132",
            "https://access.redhat.com/errata/RHSA-2020:0133",
            "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/",
            "https://github.com/advisories/GHSA-4p24-vmcr-4gqj"
          ],
          "uuid": "342cce90-f89a-4210-b51c-55ac1bf557f6"
        },
        {
          "affected_range": "[3.0.0,3.4.0),[4.0.0]",
          "affected_versions": "All versions starting from 3.0.0 before 3.4.0, version 4.0.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-07-22",
          "description": "In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
          "fixed_versions": [
            "3.4.0"
          ],
          "identifier": "CVE-2016-10735",
          "identifiers": [
            "CVE-2016-10735"
          ],
          "not_impacted": "All versions before 3.0.0, all versions starting from 3.4.0 before 4.0.0, all versions after 4.0.0",
          "package_slug": "nuget/Bootstrap.Less",
          "pubdate": "2019-01-09",
          "solution": "Upgrade to version 3.4.0 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
            "https://github.com/twbs/bootstrap/pull/26460"
          ],
          "uuid": "36002d9b-9839-4fad-bfa0-c668b82c0166"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.0",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10735"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/twbs/bootstrap/pull/26460",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/twbs/bootstrap/pull/26460"
            },
            {
              "name": "https://github.com/twbs/bootstrap/pull/23687",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/twbs/bootstrap/pull/23687"
            },
            {
              "name": "https://github.com/twbs/bootstrap/pull/23679",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/twbs/bootstrap/pull/23679"
            },
            {
              "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"
            },
            {
              "name": "https://github.com/twbs/bootstrap/issues/20184",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://github.com/twbs/bootstrap/issues/20184"
            },
            {
              "name": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"
            },
            {
              "name": "RHSA-2019:1456",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2019:1456"
            },
            {
              "name": "RHBA-2019:1076",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHBA-2019:1076"
            },
            {
              "name": "RHBA-2019:1570",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHBA-2019:1570"
            },
            {
              "name": "RHSA-2019:3023",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2019:3023"
            },
            {
              "name": "RHSA-2020:0132",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2020:0132"
            },
            {
              "name": "RHSA-2020:0133",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2020:0133"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-07-22T18:15Z",
      "publishedDate": "2019-01-09T05:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-10735 (GCVE-0-2016-10735)

Vulnerability from osv_almalinux

Solution

Solution

Solutions

Solutions

Solutions

Tags

Sightings

Nomenclature