VAR-202004-2191
Vulnerability from variot - Updated: 2025-12-22 22:57In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. You can also manage user accounts for web applications, mobile applications, and RESTful web services. Description:
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update Advisory ID: RHSA-2022:6393-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:6393 Issue date: 2022-09-08 CVE Names: CVE-2020-11022 CVE-2020-11023 CVE-2021-22096 CVE-2021-23358 CVE-2022-2806 CVE-2022-31129 ==================================================================== 1. Summary:
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch
- Description:
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
-
nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
-
moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
-
ovirt-log-collector: RHVM admin password is logged unfiltered (CVE-2022-2806)
-
springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Previously, running engine-setup did not always renew OVN certificates close to expiration or expired. With this release, OVN certificates are always renewed by engine-setup when needed. (BZ#2097558)
-
Previously, the Manager issued warnings of approaching certificate expiration before engine-setup could update certificates. In this release expiration warnings and certificate update periods are aligned, and certificates are updated as soon as expiration warnings occur. (BZ#2097725)
-
With this release, OVA export or import work on hosts with a non-standard SSH port. (BZ#2104939)
-
With this release, the certificate validity test is compatible with RHEL 8 and RHEL 7 based hypervisors. (BZ#2107250)
-
RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot use RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)
-
Previously, importing templates from the Administration Portal did not work. With this release, importing templates from the Administration Portal is possible. (BZ#2109923)
-
ovirt-provider-ovn certificate expiration is checked along with other RHV certificates. If ovirt-provider-ovn is about to expire or already expired, a warning or alert is raised in the audit log. To renew the ovirt-provider-ovn certificate, administators must run engine-setup. If your ovirt-provider-ovn certificate expires on a previous RHV version, upgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate will be renewed automatically in the engine-setup. (BZ#2097560)
-
Previously, when importing a virtual machine with manual CPU pinning, the manual pinning string was cleared, but the CPU pinning policy was not set to NONE. As a result, importing failed. In this release, the CPU pinning policy is set to NONE if the CPU pinning string is cleared, and importing succeeds. (BZ#2104115)
-
Previously, the Manager could start a virtual machine with a Resize and Pin NUMA policy on a host without an equal number of physical sockets to NUMA nodes. As a result, wrong pinning was assigned to the policy. With this release, the Manager does not allow the virtual machine to be scheduled on such a virtual machine, and the pinning is correct based on the algorithm. (BZ#1955388)
-
Rebase package(s) to version: 4.4.7. Highlights, important fixes, or notable enhancements: fixed BZ#2081676 (BZ#2104831)
-
In this release, rhv-log-collector-analyzer provides detailed output for each problematic image, including disk names, associated virtual machine, the host running the virtual machine, snapshots, and current SPM. The detailed view is now the default. The compact option can be set by using the --compact switch in the command line. (BZ#2097536)
-
UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See https://github.com/pingidentity/ldapsdk/releases for changes since version 4.0.14 (BZ#2092478)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods 1939284 - clusterPolicyWeightFunctionInfo tooltip needs improvement in relation to Rank Selector policy unit. 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function 1955388 - Auto Pinning Policy only pins some of the vCPUs on a single NUMA host 1974974 - Not possible to determine migration policy from the API, even though documentation reports that it can be done. 2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries 2080005 - CVE-2022-2806 ovirt-log-collector: RHVM admin password is logged unfiltered 2092478 - Upgrade unboundid-ldapsdk to 6.0.4 2094577 - rhv-image-discrepancies must ignore small disks created by OCP 2097536 - [RFE] Add disk name and uuid to problems output 2097558 - Renew ovirt-provider-ovn.cer certificates during engine-setup 2097560 - Warning when ovsdb-server certificates are about to expire(OVN certificate) 2097725 - Certificate Warn period and automatic renewal via engine-setup do not match 2104115 - RHV 4.5 cannot import VMs with cpu pinning 2104831 - Upgrade ovirt-log-collector to 4.4.7 2104939 - Export OVA when using host with port other than 22 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2107250 - Upgrade of the host failed as the RHV 4.3 hypervisor is based on RHEL 7 with openssl 1.0.z, but RHV Manager 4.4 uses the openssl 1.1.z syntax 2107267 - ovirt-log-collector doesn't generate database dump 2108985 - RHV 4.4 SP1 EUS requires RHEL 8.6 EUS (RHEL 8.7+ releases are not supported on RHV 4.4 SP1 EUS) 2109923 - Error when importing templates in Admin portal
- Package List:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:
Source: ovirt-engine-4.5.2.4-0.1.el8ev.src.rpm ovirt-engine-dwh-4.5.4-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.3.5-1.el8ev.src.rpm ovirt-log-collector-4.4.7-2.el8ev.src.rpm ovirt-web-ui-1.9.1-1.el8ev.src.rpm rhv-log-collector-analyzer-1.0.15-1.el8ev.src.rpm unboundid-ldapsdk-6.0.4-1.el8ev.src.rpm vdsm-jsonrpc-java-1.7.2-1.el8ev.src.rpm
noarch: ovirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-backend-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-dbscripts-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-dwh-4.5.4-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.5.4-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.5.4-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.6-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-restapi-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-base-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-tools-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-tools-backup-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.3.5-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-log-collector-4.4.7-2.el8ev.noarch.rpm ovirt-web-ui-1.9.1-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.5.2.4-0.1.el8ev.noarch.rpm rhv-log-collector-analyzer-1.0.15-1.el8ev.noarch.rpm rhvm-4.5.2.4-0.1.el8ev.noarch.rpm unboundid-ldapsdk-6.0.4-1.el8ev.noarch.rpm unboundid-ldapsdk-javadoc-6.0.4-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.7.2-1.el8ev.noarch.rpm vdsm-jsonrpc-java-javadoc-1.7.2-1.el8ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2021-22096 https://access.redhat.com/security/cve/CVE-2021-23358 https://access.redhat.com/security/cve/CVE-2022-2806 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYxnqRtzjgjWX9erEAQiQOw//XOS172gkbNeuoMSW1IYiEpJG4zQIvT2J VvyizOMlQzpe49Bkopu1zj/e8yM1eXNIg1elPzA3280z7ruNb4fkeoXT7vM5mB/0 jRAr1ja9ZHnZmEW60X3WVhEBjEXCeOv5CWBgqzdQWSB7RpPqfMP7/4kHGFnCPZxu V/n+Z9YKoDxeiW19tuTdU5E5cFySVV8JZAlfXlrR1dz815Ugsm2AMk6uPwjQ2+C7 Uz3zLQLjRjxFk+qSph8NYbOZGnUkypWQG5KXPMyk/Cg3jewjMkjAhzgcTJAdolRC q3p9kD5KdWRe+3xzjy6B4IsSSqvEyHphwrRv8wgk0vIAawfgi76+jL7n/C07rdpA Qg6zlDxmHDrZPC42dsW6dXJ1QefRQE5EzFFJcoycqvWdlRfXX6D1RZc5knSQb2iI 3iSh+hVwxY9pzNZVMlwtDHhw8dqvgw7JimToy8vOldgK0MdndwtVmKsKsRzu7HyL PQSvcN5lSv1X5FR2tnx9LMQXX1qn0P1d/8gTiRFm8Oabjx2r8I0/HNgnJpTSVSBO DXjKFDmwpiT+6tupM39ZbWek2hh+PoyMZJb/d6/YTND6VNlzUypq+DFtLILEaM8Z OjWz0YAL8/ihvhq0vSdFSMFcYKSWAOXA+6pSqe7N7WtB9hl0r7sLUaRSRHti1Ime uF/GLDTKkPw=8zTJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- Summary:
An update for ipa is now available for Red Hat Enterprise Linux 7. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)
Security Fix(es):
-
js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
-
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
-
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
-
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1404770 - ID Views: do not allow custom Views for the masters 1545755 - ipa-replica-prepare should not update pki admin password. 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. 1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute 1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701972 - CVE-2019-11358 js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection 1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6 1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client 1756568 - ipa-server-certinstall man page does not match built-in help. 1758406 - KRA authentication fails when IPA CA has custom Subject DN 1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements 1771356 - Default client configuration breaks ssh in FIPS mode. 1780548 - Man page ipa-cacert-manage does not display correctly on RHEL 1782587 - add "systemctl restart sssd" to warning message when adding trust agents to replicas 1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd 1788907 - Renewed certs are not picked up by IPA CAs 1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service 1795890 - ipa-pkinit-manage enable fails on replica if it doesn't host the CA 1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems 1817886 - ipa group-add-member: prevent adding IPA objects as external members 1817918 - Secure tomcat AJP connector 1817919 - Enable compat tree to provide information about AD users and groups on trust agents 1817922 - covscan memory leaks report 1817923 - IPA upgrade is failing with error "Failed to get request: bus, object_path and dbus_interface must not be None." 1817927 - host-add --password logs cleartext userpassword to Apache error log 1819725 - Rebase IPA to latest 4.6.x version 1825829 - ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1829787 - ipa service-del deletes the required principal when specified in lower/upper case 1834385 - Man page syntax issue detected by rpminspect 1842950 - ipa-adtrust-install fails when replica is offline
- 7):
noarch: ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
x86_64: ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
ppc64: ipa-client-4.6.8-5.el7.ppc64.rpm ipa-debuginfo-4.6.8-5.el7.ppc64.rpm
ppc64le: ipa-client-4.6.8-5.el7.ppc64le.rpm ipa-debuginfo-4.6.8-5.el7.ppc64le.rpm
s390x: ipa-client-4.6.8-5.el7.s390x.rpm ipa-debuginfo-4.6.8-5.el7.s390x.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. Description:
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Bugs fixed (https://bugzilla.redhat.com/):
1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1829724 - CVE-2020-12459 grafana: information disclosure through world-readable grafana configuration files
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2191",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "financial services data foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6.0.0"
},
{
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0-19.1.2"
},
{
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.0"
},
{
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.14"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "financial services analytical applications reconciliation framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "hospitality materials control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "hospitality simphony",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.2"
},
{
"model": "financial services data governance for us regulatory reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "financial services analytical applications reconciliation framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.0"
},
{
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "insurance data foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "insurance allocation manager for enterprise profitability",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services analytical applications reconciliation framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "insurance accounting analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "insurance data foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"model": "jquery",
"scope": "gte",
"trust": 1.0,
"vendor": "jquery",
"version": "1.2"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services data governance for us regulatory reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "7.0"
},
{
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.6"
},
{
"model": "communications diameter signaling router idih\\:",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.0.0"
},
{
"model": "financial services regulatory reporting for european banking authority",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.8"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "banking digital experience",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.1"
},
{
"model": "policy automation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.20"
},
{
"model": "oncommand system manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.0"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "banking digital experience",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "policy automation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.8m0"
},
{
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "7.70"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.1.0"
},
{
"model": "financial services balance sheet planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "insurance allocation manager for enterprise profitability",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6-8.1.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services regulatory reporting for us federal reserve",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0.0"
},
{
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"model": "financial services data foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "policy automation for mobile devices",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.20"
},
{
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "policy automation for mobile devices",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"model": "jquery",
"scope": "lt",
"trust": 1.0,
"vendor": "jquery",
"version": "3.5.0"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0.0.0"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "communications diameter signaling router idih\\:",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1.1"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services regulatory reporting for us federal reserve",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "max data",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services regulatory reporting for european banking authority",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "agile product supplier collaboration for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "hospitality simphony",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "oncommand system manager",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.1.3"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171211"
},
{
"db": "PACKETSTORM",
"id": "168304"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "157905"
}
],
"trust": 0.6
},
"cve": "CVE-2020-11022",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-11022",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-163559",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11022",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-11022",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11022",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2020-11022",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-163559",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices. Description:\n\nRed Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update\nAdvisory ID: RHSA-2022:6393-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6393\nIssue date: 2022-09-08\nCVE Names: CVE-2020-11022 CVE-2020-11023 CVE-2021-22096\n CVE-2021-23358 CVE-2022-2806 CVE-2022-31129\n====================================================================\n1. Summary:\n\nUpdated ovirt-engine packages that fix several bugs and add various\nenhancements are now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. \n\nSecurity Fix(es):\n\n* nodejs-underscore: Arbitrary code execution via the template function\n(CVE-2021-23358)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* ovirt-log-collector: RHVM admin password is logged unfiltered\n(CVE-2022-2806)\n\n* springframework: malicious input leads to insertion of additional log\nentries (CVE-2021-22096)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Previously, running engine-setup did not always renew OVN certificates\nclose to expiration or expired. With this release, OVN certificates are\nalways renewed by engine-setup when needed. (BZ#2097558)\n\n* Previously, the Manager issued warnings of approaching certificate\nexpiration before engine-setup could update certificates. In this release\nexpiration warnings and certificate update periods are aligned, and\ncertificates are updated as soon as expiration warnings occur. (BZ#2097725)\n\n* With this release, OVA export or import work on hosts with a non-standard\nSSH port. (BZ#2104939)\n\n* With this release, the certificate validity test is compatible with RHEL\n8 and RHEL 7 based hypervisors. (BZ#2107250)\n\n* RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot\nuse RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)\n\n* Previously, importing templates from the Administration Portal did not\nwork. With this release, importing templates from the Administration Portal\nis possible. (BZ#2109923)\n\n* ovirt-provider-ovn certificate expiration is checked along with other RHV\ncertificates. If ovirt-provider-ovn is about to expire or already expired,\na warning or alert is raised in the audit log. To renew the\novirt-provider-ovn certificate, administators must run engine-setup. If\nyour ovirt-provider-ovn certificate expires on a previous RHV version,\nupgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate\nwill be renewed automatically in the engine-setup. (BZ#2097560)\n\n* Previously, when importing a virtual machine with manual CPU pinning, the\nmanual pinning string was cleared, but the CPU pinning policy was not set\nto NONE. As a result, importing failed. In this release, the CPU pinning\npolicy is set to NONE if the CPU pinning string is cleared, and importing\nsucceeds. (BZ#2104115)\n\n* Previously, the Manager could start a virtual machine with a Resize and\nPin NUMA policy on a host without an equal number of physical sockets to\nNUMA nodes. As a result, wrong pinning was assigned to the policy. With\nthis release, the Manager does not allow the virtual machine to be\nscheduled on such a virtual machine, and the pinning is correct based on\nthe algorithm. (BZ#1955388)\n\n* Rebase package(s) to version: 4.4.7. \nHighlights, important fixes, or notable enhancements: fixed BZ#2081676\n(BZ#2104831)\n\n* In this release, rhv-log-collector-analyzer provides detailed output for\neach problematic image, including disk names, associated virtual machine,\nthe host running the virtual machine, snapshots, and current SPM. The\ndetailed view is now the default. The compact option can be set by using\nthe --compact switch in the command line. (BZ#2097536)\n\n* UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See\nhttps://github.com/pingidentity/ldapsdk/releases for changes since version\n4.0.14 (BZ#2092478)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1850004 - CVE-2020-11023 jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods\n1939284 - clusterPolicyWeightFunctionInfo tooltip needs improvement in relation to Rank Selector policy unit. \n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n1955388 - Auto Pinning Policy only pins some of the vCPUs on a single NUMA host\n1974974 - Not possible to determine migration policy from the API, even though documentation reports that it can be done. \n2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries\n2080005 - CVE-2022-2806 ovirt-log-collector: RHVM admin password is logged unfiltered\n2092478 - Upgrade unboundid-ldapsdk to 6.0.4\n2094577 - rhv-image-discrepancies must ignore small disks created by OCP\n2097536 - [RFE] Add disk name and uuid to problems output\n2097558 - Renew ovirt-provider-ovn.cer certificates during engine-setup\n2097560 - Warning when ovsdb-server certificates are about to expire(OVN certificate)\n2097725 - Certificate Warn period and automatic renewal via engine-setup do not match\n2104115 - RHV 4.5 cannot import VMs with cpu pinning\n2104831 - Upgrade ovirt-log-collector to 4.4.7\n2104939 - Export OVA when using host with port other than 22\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2107250 - Upgrade of the host failed as the RHV 4.3 hypervisor is based on RHEL 7 with openssl 1.0.z, but RHV Manager 4.4 uses the openssl 1.1.z syntax\n2107267 - ovirt-log-collector doesn\u0027t generate database dump\n2108985 - RHV 4.4 SP1 EUS requires RHEL 8.6 EUS (RHEL 8.7+ releases are not supported on RHV 4.4 SP1 EUS)\n2109923 - Error when importing templates in Admin portal\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\novirt-engine-4.5.2.4-0.1.el8ev.src.rpm\novirt-engine-dwh-4.5.4-1.el8ev.src.rpm\novirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.3.5-1.el8ev.src.rpm\novirt-log-collector-4.4.7-2.el8ev.src.rpm\novirt-web-ui-1.9.1-1.el8ev.src.rpm\nrhv-log-collector-analyzer-1.0.15-1.el8ev.src.rpm\nunboundid-ldapsdk-6.0.4-1.el8ev.src.rpm\nvdsm-jsonrpc-java-1.7.2-1.el8ev.src.rpm\n\nnoarch:\novirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-backend-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-dbscripts-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-dwh-4.5.4-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.5.4-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.5.4-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-setup-1.4.6-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-restapi-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-base-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-tools-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-tools-backup-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.3.5-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-log-collector-4.4.7-2.el8ev.noarch.rpm\novirt-web-ui-1.9.1-1.el8ev.noarch.rpm\npython3-ovirt-engine-lib-4.5.2.4-0.1.el8ev.noarch.rpm\nrhv-log-collector-analyzer-1.0.15-1.el8ev.noarch.rpm\nrhvm-4.5.2.4-0.1.el8ev.noarch.rpm\nunboundid-ldapsdk-6.0.4-1.el8ev.noarch.rpm\nunboundid-ldapsdk-javadoc-6.0.4-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.7.2-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-javadoc-1.7.2-1.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/cve/CVE-2021-22096\nhttps://access.redhat.com/security/cve/CVE-2021-23358\nhttps://access.redhat.com/security/cve/CVE-2022-2806\nhttps://access.redhat.com/security/cve/CVE-2022-31129\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYxnqRtzjgjWX9erEAQiQOw//XOS172gkbNeuoMSW1IYiEpJG4zQIvT2J\nVvyizOMlQzpe49Bkopu1zj/e8yM1eXNIg1elPzA3280z7ruNb4fkeoXT7vM5mB/0\njRAr1ja9ZHnZmEW60X3WVhEBjEXCeOv5CWBgqzdQWSB7RpPqfMP7/4kHGFnCPZxu\nV/n+Z9YKoDxeiW19tuTdU5E5cFySVV8JZAlfXlrR1dz815Ugsm2AMk6uPwjQ2+C7\nUz3zLQLjRjxFk+qSph8NYbOZGnUkypWQG5KXPMyk/Cg3jewjMkjAhzgcTJAdolRC\nq3p9kD5KdWRe+3xzjy6B4IsSSqvEyHphwrRv8wgk0vIAawfgi76+jL7n/C07rdpA\nQg6zlDxmHDrZPC42dsW6dXJ1QefRQE5EzFFJcoycqvWdlRfXX6D1RZc5knSQb2iI\n3iSh+hVwxY9pzNZVMlwtDHhw8dqvgw7JimToy8vOldgK0MdndwtVmKsKsRzu7HyL\nPQSvcN5lSv1X5FR2tnx9LMQXX1qn0P1d/8gTiRFm8Oabjx2r8I0/HNgnJpTSVSBO\nDXjKFDmwpiT+6tupM39ZbWek2hh+PoyMZJb/d6/YTND6VNlzUypq+DFtLILEaM8Z\nOjWz0YAL8/ihvhq0vSdFSMFcYKSWAOXA+6pSqe7N7WtB9hl0r7sLUaRSRHti1Ime\nuF/GLDTKkPw=8zTJ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Summary:\n\nAn update for ipa is now available for Red Hat Enterprise Linux 7. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version: ipa\n(4.6.8). (BZ#1819725)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1404770 - ID Views: do not allow custom Views for the masters\n1545755 - ipa-replica-prepare should not update pki admin password. \n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. \n1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute\n1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1701972 - CVE-2019-11358 js-jquery: prototype pollution in object\u0027s prototype leading to denial of service or remote code execution or property injection\n1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6\n1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client\n1756568 - ipa-server-certinstall man page does not match built-in help. \n1758406 - KRA authentication fails when IPA CA has custom Subject DN\n1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements\n1771356 - Default client configuration breaks ssh in FIPS mode. \n1780548 - Man page ipa-cacert-manage does not display correctly on RHEL\n1782587 - add \"systemctl restart sssd\" to warning message when adding trust agents to replicas\n1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd\n1788907 - Renewed certs are not picked up by IPA CAs\n1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service\n1795890 - ipa-pkinit-manage enable fails on replica if it doesn\u0027t host the CA\n1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -\u003e 7.6 upgrade path as opposed to new RHEL 7.6 systems\n1817886 - ipa group-add-member: prevent adding IPA objects as external members\n1817918 - Secure tomcat AJP connector\n1817919 - Enable compat tree to provide information about AD users and groups on trust agents\n1817922 - covscan memory leaks report\n1817923 - IPA upgrade is failing with error \"Failed to get request: bus, object_path and dbus_interface must not be None.\"\n1817927 - host-add --password logs cleartext userpassword to Apache error log\n1819725 - Rebase IPA to latest 4.6.x version\n1825829 - ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1829787 - ipa service-del deletes the required principal when specified in lower/upper case\n1834385 - Man page syntax issue detected by rpminspect\n1842950 - ipa-adtrust-install fails when replica is offline\n\n6. 7):\n\nnoarch:\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nppc64:\nipa-client-4.6.8-5.el7.ppc64.rpm\nipa-debuginfo-4.6.8-5.el7.ppc64.rpm\n\nppc64le:\nipa-client-4.6.8-5.el7.ppc64le.rpm\nipa-debuginfo-4.6.8-5.el7.ppc64le.rpm\n\ns390x:\nipa-client-4.6.8-5.el7.s390x.rpm\nipa-debuginfo-4.6.8-5.el7.s390x.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. Description:\n\nRed Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. Bugs fixed (https://bugzilla.redhat.com/):\n\n1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1829724 - CVE-2020-12459 grafana: information disclosure through world-readable grafana configuration files\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11022"
},
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171211"
},
{
"db": "PACKETSTORM",
"id": "168304"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "157905"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11022",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "162159",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-02",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2020-10",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2020-11",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "159353",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168304",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170823",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159852",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160274",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170821",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159275",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158750",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159513",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157850",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158555",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157905",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2694",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0620",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0845",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4248",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2775",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1066",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2287",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1916",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3485",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0909",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1961",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0583",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3902",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0585",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2515",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1880",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1863",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1519",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0824",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2375",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0465",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3255",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2966",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5150",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2525",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1804",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3875",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2660",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1925",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1512",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2660.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3028",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1653",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071412",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042543",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072094",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101936",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041931",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042537",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012403",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072292",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022516",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072721",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012754",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042618",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042302",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022060033",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "49766",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158406",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158282",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-60182",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-097-01",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48898",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "171215",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171212",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159876",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170819",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170817",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163559",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171211",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171211"
},
{
"db": "PACKETSTORM",
"id": "168304"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "157905"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"id": "VAR-202004-2191",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T22:57:36.525000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "jQuery Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=117510"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/162159/jquery-1.2-cross-site-scripting.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://github.com/jquery/jquery/security/advisories/ghsa-gxr4-xjj5-5px2"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
},
{
"trust": 1.7,
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2020-10"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"trust": 1.7,
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"trust": 1.7,
"url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
},
{
"trust": 1.7,
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3ccommits.airflow.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3ccommits.airflow.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041931"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159275/red-hat-security-advisory-2020-3807-01.html"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/49766"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48898"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3875/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520510"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158555/gentoo-linux-security-advisory-202007-03.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2375/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1066"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5150"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168304/red-hat-security-advisory-2022-6393-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042543"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1804/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1925/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042302"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160274/red-hat-security-advisory-2020-5249-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072721"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022516"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157850/red-hat-security-advisory-2020-2217-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072094"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101936"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158406/red-hat-security-advisory-2020-2412-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2660.3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1916"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1519"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0585"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2660/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0583"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3255/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3485/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159513/red-hat-security-advisory-2020-4211-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4248/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2287/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2966/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157905/red-hat-security-advisory-2020-2362-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1880/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1653"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2694/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042537"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042618"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2775/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-affect-ibm-license-metric-tool-v9/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0824"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-known-vulnerabilities-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1961/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1512"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-2/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159353/red-hat-security-advisory-2020-3936-01.html"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-60182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3028/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022060033"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158750/red-hat-security-advisory-2020-3247-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-in-ibm-security-qradar-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012754"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0465"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-jquery-vulnerabilities-cve-2020-11022-cve-2020-11023/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6490381"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1863/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-fixed-in-mobile-foundation-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071412"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3902/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2525"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0620"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012403"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3368/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1471"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1438"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25857"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44906"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0091"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2764"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2764"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0264"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1274"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-35065"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1438"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1274"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1047"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1044"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22096"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6393"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22096"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://github.com/pingidentity/ldapsdk/releases"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20253"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35678"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1722"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7598"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171211"
},
{
"db": "PACKETSTORM",
"id": "168304"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "157905"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171211"
},
{
"db": "PACKETSTORM",
"id": "168304"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "157905"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-163559"
},
{
"date": "2023-03-02T15:19:44",
"db": "PACKETSTORM",
"id": "171215"
},
{
"date": "2023-03-02T15:19:02",
"db": "PACKETSTORM",
"id": "171211"
},
{
"date": "2022-09-08T14:41:25",
"db": "PACKETSTORM",
"id": "168304"
},
{
"date": "2021-03-09T16:25:11",
"db": "PACKETSTORM",
"id": "161727"
},
{
"date": "2020-09-30T15:44:20",
"db": "PACKETSTORM",
"id": "159353"
},
{
"date": "2020-06-02T22:47:18",
"db": "PACKETSTORM",
"id": "157905"
},
{
"date": "2020-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"date": "2020-04-29T22:15:11.903000",
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-163559"
},
{
"date": "2023-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"date": "2024-11-21T04:56:36.110000",
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "jQuery Cross-site scripting vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "157905"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…