Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-7656 (GCVE-0-2020-7656)
Vulnerability from cvelistv5 – Published: 2020-05-19 00:00 – Updated: 2024-08-04 09:33
VLAI?
EPSS
Summary
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Severity ?
No CVSS data available.
CWE
- Cross-site Scripting
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200528-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jquery",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 1.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20200528-0001/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7656",
"datePublished": "2020-05-19T00:00:00",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jquery:jquery:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"1.9.0\", \"matchCriteriaId\": \"49F1A5F5-D118-444E-B0EA-757DD5E181AC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\", \"matchCriteriaId\": \"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.1.3\", \"matchCriteriaId\": \"34B80C9D-62AA-42FA-AB46-F8A414FCBE5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F4754FB-E3EB-454A-AB1A-AE3835C5350C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"216E7DDE-453D-481F-92E2-9F8466CDDA3F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \\\"\u003cscript\u003e\\\" HTML tags that contain a whitespace character, i.e: \\\"\u003c/script \u003e\\\", which results in the enclosed script logic to be executed.\"}, {\"lang\": \"es\", \"value\": \"jquery versiones anteriores a 1.9.0, permite ataques de tipo Cross-site Scripting por medio del m\\u00e9todo de carga. El m\\u00e9todo de carga presenta un fallo al reconocer y eliminar las etiquetas HTML \\\"(script)\\\" que contienen un car\\u00e1cter de espacio en blanco, es decir: \\\"(/script )\\\", lo cual resulta en que la l\\u00f3gica de script adjunta sea ejecutada.\"}]",
"id": "CVE-2020-7656",
"lastModified": "2024-11-21T05:37:33.227",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-05-19T21:15:10.257",
"references": "[{\"url\": \"https://security.netapp.com/advisory/ntap-20200528-0001/\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JS-JQUERY-569619\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200528-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JS-JQUERY-569619\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-7656\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2020-05-19T21:15:10.257\",\"lastModified\":\"2024-11-21T05:37:33.227\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \\\"\u003cscript\u003e\\\" HTML tags that contain a whitespace character, i.e: \\\"\u003c/script \u003e\\\", which results in the enclosed script logic to be executed.\"},{\"lang\":\"es\",\"value\":\"jquery versiones anteriores a 1.9.0, permite ataques de tipo Cross-site Scripting por medio del m\u00e9todo de carga. El m\u00e9todo de carga presenta un fallo al reconocer y eliminar las etiquetas HTML \\\"(script)\\\" que contienen un car\u00e1cter de espacio en blanco, es decir: \\\"(/script )\\\", lo cual resulta en que la l\u00f3gica de script adjunta sea ejecutada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jquery:jquery:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.9.0\",\"matchCriteriaId\":\"49F1A5F5-D118-444E-B0EA-757DD5E181AC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.1.3\",\"matchCriteriaId\":\"34B80C9D-62AA-42FA-AB46-F8A414FCBE5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F4754FB-E3EB-454A-AB1A-AE3835C5350C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"216E7DDE-453D-481F-92E2-9F8466CDDA3F\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20200528-0001/\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-JQUERY-569619\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200528-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-JQUERY-569619\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-928
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | IBM QRadar Pulse App versions antérieures à 2.2.9 | ||
| IBM | N/A | CP4BA version 22.0.1 sans le correctif de sécurité CP4BA 22.0.1-IF2 | ||
| IBM | Cloud Pak | IBM Robotic Process Automation pour Cloud Pak versions antérieures à 21.0.5 | ||
| IBM | N/A | IBM ECM CMIS et FileNet Collaboration Services version 3.0.6 sans le correctif de sécurité CMIS 3.0.6-IF2 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.3 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP6 | ||
| IBM | N/A | CP4BA version 21.0.3 sans le correctif de sécurité CP4BA 21.0.3-IF12 | ||
| IBM | N/A | Enterprise Content Management System Monitor (ESM) versions 5.5.x antérieures à 5.5.9 | ||
| IBM | QRadar User Behavior Analytics | QRadar User Behavior Analytics version 4.1.8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.9",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "CP4BA version 22.0.1 sans le correctif de s\u00e9curit\u00e9 CP4BA 22.0.1-IF2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Robotic Process Automation pour Cloud Pak versions ant\u00e9rieures \u00e0 21.0.5",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM ECM CMIS et FileNet Collaboration Services version 3.0.6 sans le correctif de s\u00e9curit\u00e9 CMIS 3.0.6-IF2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP6",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "CP4BA version 21.0.3 sans le correctif de s\u00e9curit\u00e9 CP4BA 21.0.3-IF12",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Enterprise Content Management System Monitor (ESM) versions 5.5.x ant\u00e9rieures \u00e0 5.5.9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics version 4.1.8",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2018-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2021-22959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
},
{
"name": "CVE-2020-7788",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7788"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2021-34538",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34538"
},
{
"name": "CVE-2021-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2020-4051",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4051"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-22960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2018-25031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25031"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2019-1010266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010266"
},
{
"name": "CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"name": "CVE-2019-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2020-15523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15523"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18348"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2022-34339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34339"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2018-16487",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16487"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"name": "CVE-2018-20406",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20406"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-44907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2022-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24758"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-928",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830211 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830211"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830243 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830243"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6828527 du 17 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6828527"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830257 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830257"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830265 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830265"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830017 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830017"
}
]
}
CERTFR-2024-AVI-0737
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moxa OnCell 3120-LTE-1 Series. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | OnCell 3120-LTE-1 Series | OnCell 3120-LTE-1 Series sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OnCell 3120-LTE-1 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "OnCell 3120-LTE-1 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moxa OnCell 3120-LTE-1 Series. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moxa OnCell 3120-LTE-1 Series",
"vendor_advisories": [
{
"published_at": "2024-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 Moxa JSA",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-244707-oncell-3120-lte-1-series-multiple-jquery-vulnerabilities"
}
]
}
CERTFR-2023-AVI-0250
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une injection de code indirecte à distance (XSS), une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.0 UPx antérieures à 7.5.0 UP5 | ||
| IBM | WebSphere | IBM WebSphere Extreme Scale versions 8.6.1.x antérieures à 8.6.1.5 incluant le correctif de sécurité PH53340 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.0.x antérieures à 9.0.5.14 incluant le correctif de sécurité PH52925 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.3 FPx antérieures à 7.4.3 FP9 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.5.0 UPx ant\u00e9rieures \u00e0 7.5.0 UP5",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Extreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.5 incluant le correctif de s\u00e9curit\u00e9 PH53340",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.14 incluant le correctif de s\u00e9curit\u00e9 PH52925",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.3 FPx ant\u00e9rieures \u00e0 7.4.3 FP9",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-26283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26283"
},
{
"name": "CVE-2018-15494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15494"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2022-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43863"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0250",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une injection de code\nindirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964836 du 21 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964836"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964844 du 21 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964844"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964862 du 21 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964862"
}
]
}
CERTFR-2021-AVI-943
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges, un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.13 | ||
| IBM | Spectrum | IBM Spectrum Protect Client versions 7.1.x antérieures à 7.1.8.12 | ||
| IBM | Spectrum | IBM Spectrum Protect Client versions 8.1.x antérieures à 8.1.13 | ||
| IBM | N/A | Rational Developer for i (RDi) RPG and COBOL + Modernization Tools, Java Edition toutes versions | ||
| IBM | Spectrum | IBM Spectrum Copy Data Management version 2.2.x antérieures à 2.2.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.9 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.13",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.13",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Rational Developer for i (RDi) RPG and COBOL + Modernization Tools, Java Edition toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Copy Data Management version 2.2.x ant\u00e9rieures \u00e0 2.2.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.9",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-39154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39154"
},
{
"name": "CVE-2021-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
},
{
"name": "CVE-2021-38947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38947"
},
{
"name": "CVE-2021-32027",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32027"
},
{
"name": "CVE-2021-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
},
{
"name": "CVE-2021-29505",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29505"
},
{
"name": "CVE-2021-39146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39146"
},
{
"name": "CVE-2021-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-26258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26258"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2021-22940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
},
{
"name": "CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"name": "CVE-2021-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2021-22930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
},
{
"name": "CVE-2021-39149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39149"
},
{
"name": "CVE-2021-39065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39065"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2020-26259",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
},
{
"name": "CVE-2021-39139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39139"
},
{
"name": "CVE-2021-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2021-39064",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39064"
},
{
"name": "CVE-2021-39054",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39054"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2021-39147",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39147"
},
{
"name": "CVE-2021-39152",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39152"
},
{
"name": "CVE-2021-22939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2021-39145",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39145"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2021-39144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39144"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2020-26217",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26217"
},
{
"name": "CVE-2021-39151",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39151"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2021-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2021-39148",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39148"
},
{
"name": "CVE-2021-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
},
{
"name": "CVE-2021-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2021-32028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32028"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2021-39052",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39052"
},
{
"name": "CVE-2021-39150",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39150"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2021-22931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
},
{
"name": "CVE-2021-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2021-39134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39134"
},
{
"name": "CVE-2021-39140",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39140"
},
{
"name": "CVE-2021-39058",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39058"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2021-39153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39153"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2021-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
},
{
"name": "CVE-2021-23368",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23368"
},
{
"name": "CVE-2021-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39135"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2021-29060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
},
{
"name": "CVE-2021-32029",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32029"
},
{
"name": "CVE-2021-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2021-39053",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39053"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2021-39141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39141"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-943",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges, un\nd\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525034 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525034"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525250 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525250"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525260 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525260"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6524712 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6524712"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525674 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525674"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6524908 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6524908"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525554 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525554"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525182 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525182"
}
]
}
CERTFR-2024-AVI-0737
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moxa OnCell 3120-LTE-1 Series. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | OnCell 3120-LTE-1 Series | OnCell 3120-LTE-1 Series sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OnCell 3120-LTE-1 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "OnCell 3120-LTE-1 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moxa OnCell 3120-LTE-1 Series. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moxa OnCell 3120-LTE-1 Series",
"vendor_advisories": [
{
"published_at": "2024-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 Moxa JSA",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-244707-oncell-3120-lte-1-series-multiple-jquery-vulnerabilities"
}
]
}
CERTFR-2022-AVI-658
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle PeopleSoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | PeopleSoft | PeopleSoft version 8.59 | ||
| Oracle | PeopleSoft | PeopleSoft version 8.58 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PeopleSoft version 8.59",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft version 8.58",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21512"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21543"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2022-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21520"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2022-21521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21521"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-658",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle PeopleSoft.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle PeopleSoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixPS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#PS"
}
]
}
CERTFR-2023-AVI-0208
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions ant\u00e9rieures \u00e0 10.5.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus Agent versions 10.3.0 ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.5",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-28458",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0208",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eTenable\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-11 du 07 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-11"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-09 du 02 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-09"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-10 du 06 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-10"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-12 du 09 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-12"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-13 du 09 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-13"
}
]
}
CERTFR-2021-AVI-943
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges, un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.13 | ||
| IBM | Spectrum | IBM Spectrum Protect Client versions 7.1.x antérieures à 7.1.8.12 | ||
| IBM | Spectrum | IBM Spectrum Protect Client versions 8.1.x antérieures à 8.1.13 | ||
| IBM | N/A | Rational Developer for i (RDi) RPG and COBOL + Modernization Tools, Java Edition toutes versions | ||
| IBM | Spectrum | IBM Spectrum Copy Data Management version 2.2.x antérieures à 2.2.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.9 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.13",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.13",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Rational Developer for i (RDi) RPG and COBOL + Modernization Tools, Java Edition toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Copy Data Management version 2.2.x ant\u00e9rieures \u00e0 2.2.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.9",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-39154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39154"
},
{
"name": "CVE-2021-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
},
{
"name": "CVE-2021-38947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38947"
},
{
"name": "CVE-2021-32027",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32027"
},
{
"name": "CVE-2021-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
},
{
"name": "CVE-2021-29505",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29505"
},
{
"name": "CVE-2021-39146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39146"
},
{
"name": "CVE-2021-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-26258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26258"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2021-22940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
},
{
"name": "CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"name": "CVE-2021-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2021-22930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
},
{
"name": "CVE-2021-39149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39149"
},
{
"name": "CVE-2021-39065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39065"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2020-26259",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
},
{
"name": "CVE-2021-39139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39139"
},
{
"name": "CVE-2021-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2021-39064",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39064"
},
{
"name": "CVE-2021-39054",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39054"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2021-39147",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39147"
},
{
"name": "CVE-2021-39152",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39152"
},
{
"name": "CVE-2021-22939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2021-39145",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39145"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2021-39144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39144"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2020-26217",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26217"
},
{
"name": "CVE-2021-39151",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39151"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2021-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2021-39148",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39148"
},
{
"name": "CVE-2021-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
},
{
"name": "CVE-2021-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2021-32028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32028"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2021-39052",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39052"
},
{
"name": "CVE-2021-39150",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39150"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2021-22931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
},
{
"name": "CVE-2021-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2021-39134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39134"
},
{
"name": "CVE-2021-39140",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39140"
},
{
"name": "CVE-2021-39058",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39058"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2021-39153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39153"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2021-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
},
{
"name": "CVE-2021-23368",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23368"
},
{
"name": "CVE-2021-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39135"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2021-29060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
},
{
"name": "CVE-2021-32029",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32029"
},
{
"name": "CVE-2021-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2021-39053",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39053"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2021-39141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39141"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-943",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges, un\nd\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525034 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525034"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525250 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525250"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525260 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525260"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6524712 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6524712"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525674 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525674"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6524908 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6524908"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525554 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525554"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6525182 du 10 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6525182"
}
]
}
CERTFR-2024-AVI-0305
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Sterling Connect:Direct pour UNIX versions 6.1.0.x antérieures à 6.1.0.4.iFix104
- Sterling Connect:Direct pour UNIX versions 6.0.0.x antérieures à 6.0.0.2.iFix163
- Sterling Connect:Direct FTP+ versions antérieures à 1.3.0 sans le correctif de sécurité iFix026
- QRadar App SDK versions 2.2.x antérieures à 2.2.1
- QRadar Deployment Intelligence App versions antérieures à 3.0.13
- Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.20.0
- QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF01
- QRadar Suite Software versions 1.10.12.x antérieures à 1.10.20.0
- WebSphere Application Server Liberty versions postérieures à 21.0.0.2 et antérieures à 24.0.0.4
- WebSphere Application Server versions 9.x antérieures à 9.0.5.19
- WebSphere Application Server versions postérieures à 8.5.5.2 antérieures à 8.5.5.26
- Sterling B2B Integrator versions 6.0.x.x à 6.1.x.x antérieures à 6.1.2.5
- Sterling B2B Integrator versions 6.2.x.x antérieures à 6.2.0.1
Se référer aux bulletin de l'éditeur pour les versions des fichiers vulnérables (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.1.0.x ant\u00e9rieures \u00e0\u00a06.1.0.4.iFix104\u003c/li\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix163\u003c/li\u003e \u003cli\u003eSterling Connect:Direct FTP+ versions ant\u00e9rieures \u00e0 1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix026\u003c/li\u003e \u003cli\u003eQRadar App SDK versions 2.2.x ant\u00e9rieures \u00e0 2.2.1\u003c/li\u003e \u003cli\u003eQRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.13\u003c/li\u003e \u003cli\u003eCloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eQRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF01\u003c/li\u003e \u003cli\u003eQRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eWebSphere Application Server Liberty versions post\u00e9rieures \u00e0 21.0.0.2 et ant\u00e9rieures \u00e0 24.0.0.4\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.19\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions post\u00e9rieures \u00e0 8.5.5.2 ant\u00e9rieures \u00e0 8.5.5.26\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.0.x.x \u00e0 6.1.x.x ant\u00e9rieures \u00e0 6.1.2.5\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux bulletin de l\u0027\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2012-0881",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0881"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0305",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147813 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147813"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148062 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148062"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147943 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147943"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147903 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147903"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148094 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148094"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148151 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148066 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148066"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148158 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147727 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147727"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148065 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148065"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148068 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148068"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147728 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147728"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147944 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147944"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147726 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147726"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147923 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147923"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147812 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147812"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148063 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148063"
}
]
}
CERTFR-2024-AVI-0506
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Secure Analytics versions antérieures à 7.5.0 UP8 IF03 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP8 IF03",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
},
{
"name": "CVE-2023-4732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4732"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2019-15505",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15505"
},
{
"name": "CVE-2023-52448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52448"
},
{
"name": "CVE-2023-3138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
},
{
"name": "CVE-2023-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46813"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
},
{
"name": "CVE-2023-40551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40551"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2023-28328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
},
{
"name": "CVE-2023-51043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51043"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-5633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5633"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-45863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45863"
},
{
"name": "CVE-2022-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
},
{
"name": "CVE-2023-6915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6915"
},
{
"name": "CVE-2023-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-37453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37453"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2020-10001",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10001"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2022-45884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45884"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2023-33951",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33951"
},
{
"name": "CVE-2023-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2163"
},
{
"name": "CVE-2023-4133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4133"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-39193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39193"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2023-45862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45862"
},
{
"name": "CVE-2023-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
},
{
"name": "CVE-2020-3898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3898"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2023-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
},
{
"name": "CVE-2024-28784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28784"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2023-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2513"
},
{
"name": "CVE-2023-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-50961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50961"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2023-6817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
},
{
"name": "CVE-2023-31084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
},
{
"name": "CVE-2024-26609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26609"
},
{
"name": "CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2023-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
},
{
"name": "CVE-2001-1267",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1267"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2023-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2023-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2023-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3812"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39189"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-27269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27269"
},
{
"name": "CVE-2023-38409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38409"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2018-19787",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19787"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2023-39198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39198"
},
{
"name": "CVE-2024-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
},
{
"name": "CVE-2023-1252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1252"
},
{
"name": "CVE-2021-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3753"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2162"
},
{
"name": "CVE-2023-1079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1079"
},
{
"name": "CVE-2022-36402",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36402"
},
{
"name": "CVE-2023-33952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33952"
},
{
"name": "CVE-2023-32324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32324"
},
{
"name": "CVE-2014-3146",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3146"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-3758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3758"
},
{
"name": "CVE-2023-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2022-4744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
},
{
"name": "CVE-2023-40546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40546"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2023-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3161"
},
{
"name": "CVE-2023-28464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28464"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2023-45871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
},
{
"name": "CVE-2023-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1998"
},
{
"name": "CVE-2023-28772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28772"
},
{
"name": "CVE-2023-52580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52580"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2023-1075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1075"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2023-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4155"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2023-52574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52574"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2023-31083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31083"
},
{
"name": "CVE-2023-26545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2023-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6176"
},
{
"name": "CVE-2022-45887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45887"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2023-25012",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25012"
},
{
"name": "CVE-2022-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0500"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2023-51780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51780"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2023-34241",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34241"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-4622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4622"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-3141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2022-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28388"
},
{
"name": "CVE-2023-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-39192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39192"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2023-39194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39194"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2023-24023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24023"
},
{
"name": "CVE-2023-6932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
},
{
"name": "CVE-2023-0458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0458"
},
{
"name": "CVE-2023-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2021-33631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33631"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2023-40549",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40549"
},
{
"name": "CVE-2023-1513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1513"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2023-40548",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40548"
},
{
"name": "CVE-2023-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0597"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-7192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
},
{
"name": "CVE-2023-4132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4132"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-40550",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40550"
},
{
"name": "CVE-2019-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13631"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2023-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
},
{
"name": "CVE-2023-51042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51042"
},
{
"name": "CVE-2023-42755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42755"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2023-50960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50960"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2023-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
},
{
"name": "CVE-2023-25775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2020-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
},
{
"name": "CVE-2023-6622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6622"
},
{
"name": "CVE-2021-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2023-6121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6121"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"name": "CVE-2023-40547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40547"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
},
{
"name": "CVE-2023-6610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
},
{
"name": "CVE-2023-42754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42754"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0506",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
"vendor_advisories": [
{
"published_at": "2024-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82681",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03"
}
]
}
CERTFR-2022-AVI-658
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle PeopleSoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | PeopleSoft | PeopleSoft version 8.59 | ||
| Oracle | PeopleSoft | PeopleSoft version 8.58 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PeopleSoft version 8.59",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft version 8.58",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21512"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21543"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2022-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21520"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2022-21521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21521"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-658",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle PeopleSoft.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle PeopleSoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixPS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#PS"
}
]
}
CERTFR-2023-AVI-0250
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une injection de code indirecte à distance (XSS), une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.0 UPx antérieures à 7.5.0 UP5 | ||
| IBM | WebSphere | IBM WebSphere Extreme Scale versions 8.6.1.x antérieures à 8.6.1.5 incluant le correctif de sécurité PH53340 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.0.x antérieures à 9.0.5.14 incluant le correctif de sécurité PH52925 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.3 FPx antérieures à 7.4.3 FP9 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.5.0 UPx ant\u00e9rieures \u00e0 7.5.0 UP5",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Extreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.5 incluant le correctif de s\u00e9curit\u00e9 PH53340",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.14 incluant le correctif de s\u00e9curit\u00e9 PH52925",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.3 FPx ant\u00e9rieures \u00e0 7.4.3 FP9",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-26283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26283"
},
{
"name": "CVE-2018-15494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15494"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2022-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43863"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0250",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une injection de code\nindirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964836 du 21 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964836"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964844 du 21 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964844"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964862 du 21 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964862"
}
]
}
CERTFR-2023-AVI-0208
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions ant\u00e9rieures \u00e0 10.5.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus Agent versions 10.3.0 ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.5",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-28458",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0208",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eTenable\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-11 du 07 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-11"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-09 du 02 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-09"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-10 du 06 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-10"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-12 du 09 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-12"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-13 du 09 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-13"
}
]
}
CERTFR-2024-AVI-0506
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Secure Analytics versions antérieures à 7.5.0 UP8 IF03 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP8 IF03",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
},
{
"name": "CVE-2023-4732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4732"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2019-15505",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15505"
},
{
"name": "CVE-2023-52448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52448"
},
{
"name": "CVE-2023-3138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
},
{
"name": "CVE-2023-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46813"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
},
{
"name": "CVE-2023-40551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40551"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2023-28328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
},
{
"name": "CVE-2023-51043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51043"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-5633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5633"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-45863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45863"
},
{
"name": "CVE-2022-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
},
{
"name": "CVE-2023-6915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6915"
},
{
"name": "CVE-2023-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-37453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37453"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2020-10001",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10001"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2022-45884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45884"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2023-33951",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33951"
},
{
"name": "CVE-2023-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2163"
},
{
"name": "CVE-2023-4133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4133"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-39193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39193"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2023-45862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45862"
},
{
"name": "CVE-2023-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
},
{
"name": "CVE-2020-3898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3898"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2023-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
},
{
"name": "CVE-2024-28784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28784"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2023-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2513"
},
{
"name": "CVE-2023-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-50961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50961"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2023-6817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
},
{
"name": "CVE-2023-31084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
},
{
"name": "CVE-2024-26609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26609"
},
{
"name": "CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2023-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
},
{
"name": "CVE-2001-1267",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1267"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2023-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2023-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2023-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3812"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39189"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-27269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27269"
},
{
"name": "CVE-2023-38409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38409"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2018-19787",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19787"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2023-39198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39198"
},
{
"name": "CVE-2024-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
},
{
"name": "CVE-2023-1252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1252"
},
{
"name": "CVE-2021-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3753"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2162"
},
{
"name": "CVE-2023-1079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1079"
},
{
"name": "CVE-2022-36402",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36402"
},
{
"name": "CVE-2023-33952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33952"
},
{
"name": "CVE-2023-32324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32324"
},
{
"name": "CVE-2014-3146",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3146"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-3758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3758"
},
{
"name": "CVE-2023-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2022-4744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
},
{
"name": "CVE-2023-40546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40546"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2023-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3161"
},
{
"name": "CVE-2023-28464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28464"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2023-45871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
},
{
"name": "CVE-2023-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1998"
},
{
"name": "CVE-2023-28772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28772"
},
{
"name": "CVE-2023-52580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52580"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2023-1075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1075"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2023-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4155"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2023-52574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52574"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2023-31083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31083"
},
{
"name": "CVE-2023-26545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2023-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6176"
},
{
"name": "CVE-2022-45887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45887"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2023-25012",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25012"
},
{
"name": "CVE-2022-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0500"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2023-51780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51780"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2023-34241",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34241"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-4622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4622"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-3141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2022-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28388"
},
{
"name": "CVE-2023-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-39192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39192"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2023-39194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39194"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2023-24023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24023"
},
{
"name": "CVE-2023-6932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
},
{
"name": "CVE-2023-0458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0458"
},
{
"name": "CVE-2023-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2021-33631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33631"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2023-40549",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40549"
},
{
"name": "CVE-2023-1513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1513"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2023-40548",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40548"
},
{
"name": "CVE-2023-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0597"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-7192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
},
{
"name": "CVE-2023-4132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4132"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-40550",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40550"
},
{
"name": "CVE-2019-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13631"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2023-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
},
{
"name": "CVE-2023-51042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51042"
},
{
"name": "CVE-2023-42755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42755"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2023-50960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50960"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2023-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
},
{
"name": "CVE-2023-25775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2020-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
},
{
"name": "CVE-2023-6622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6622"
},
{
"name": "CVE-2021-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2023-6121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6121"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"name": "CVE-2023-40547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40547"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
},
{
"name": "CVE-2023-6610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
},
{
"name": "CVE-2023-42754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42754"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0506",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
"vendor_advisories": [
{
"published_at": "2024-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82681",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03"
}
]
}
CERTFR-2022-AVI-928
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | IBM QRadar Pulse App versions antérieures à 2.2.9 | ||
| IBM | N/A | CP4BA version 22.0.1 sans le correctif de sécurité CP4BA 22.0.1-IF2 | ||
| IBM | Cloud Pak | IBM Robotic Process Automation pour Cloud Pak versions antérieures à 21.0.5 | ||
| IBM | N/A | IBM ECM CMIS et FileNet Collaboration Services version 3.0.6 sans le correctif de sécurité CMIS 3.0.6-IF2 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.3 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP6 | ||
| IBM | N/A | CP4BA version 21.0.3 sans le correctif de sécurité CP4BA 21.0.3-IF12 | ||
| IBM | N/A | Enterprise Content Management System Monitor (ESM) versions 5.5.x antérieures à 5.5.9 | ||
| IBM | QRadar User Behavior Analytics | QRadar User Behavior Analytics version 4.1.8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.9",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "CP4BA version 22.0.1 sans le correctif de s\u00e9curit\u00e9 CP4BA 22.0.1-IF2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Robotic Process Automation pour Cloud Pak versions ant\u00e9rieures \u00e0 21.0.5",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM ECM CMIS et FileNet Collaboration Services version 3.0.6 sans le correctif de s\u00e9curit\u00e9 CMIS 3.0.6-IF2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP6",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "CP4BA version 21.0.3 sans le correctif de s\u00e9curit\u00e9 CP4BA 21.0.3-IF12",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Enterprise Content Management System Monitor (ESM) versions 5.5.x ant\u00e9rieures \u00e0 5.5.9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics version 4.1.8",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2018-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2021-22959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
},
{
"name": "CVE-2020-7788",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7788"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2021-34538",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34538"
},
{
"name": "CVE-2021-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2020-4051",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4051"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-22960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2018-25031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25031"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2019-1010266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010266"
},
{
"name": "CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"name": "CVE-2019-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2020-15523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15523"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18348"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2022-34339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34339"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2018-16487",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16487"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"name": "CVE-2018-20406",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20406"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-44907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2022-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24758"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-928",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830211 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830211"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830243 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830243"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6828527 du 17 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6828527"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830257 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830257"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830265 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830265"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830017 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830017"
}
]
}
CERTFR-2024-AVI-0305
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Sterling Connect:Direct pour UNIX versions 6.1.0.x antérieures à 6.1.0.4.iFix104
- Sterling Connect:Direct pour UNIX versions 6.0.0.x antérieures à 6.0.0.2.iFix163
- Sterling Connect:Direct FTP+ versions antérieures à 1.3.0 sans le correctif de sécurité iFix026
- QRadar App SDK versions 2.2.x antérieures à 2.2.1
- QRadar Deployment Intelligence App versions antérieures à 3.0.13
- Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.20.0
- QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF01
- QRadar Suite Software versions 1.10.12.x antérieures à 1.10.20.0
- WebSphere Application Server Liberty versions postérieures à 21.0.0.2 et antérieures à 24.0.0.4
- WebSphere Application Server versions 9.x antérieures à 9.0.5.19
- WebSphere Application Server versions postérieures à 8.5.5.2 antérieures à 8.5.5.26
- Sterling B2B Integrator versions 6.0.x.x à 6.1.x.x antérieures à 6.1.2.5
- Sterling B2B Integrator versions 6.2.x.x antérieures à 6.2.0.1
Se référer aux bulletin de l'éditeur pour les versions des fichiers vulnérables (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.1.0.x ant\u00e9rieures \u00e0\u00a06.1.0.4.iFix104\u003c/li\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix163\u003c/li\u003e \u003cli\u003eSterling Connect:Direct FTP+ versions ant\u00e9rieures \u00e0 1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix026\u003c/li\u003e \u003cli\u003eQRadar App SDK versions 2.2.x ant\u00e9rieures \u00e0 2.2.1\u003c/li\u003e \u003cli\u003eQRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.13\u003c/li\u003e \u003cli\u003eCloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eQRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF01\u003c/li\u003e \u003cli\u003eQRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eWebSphere Application Server Liberty versions post\u00e9rieures \u00e0 21.0.0.2 et ant\u00e9rieures \u00e0 24.0.0.4\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.19\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions post\u00e9rieures \u00e0 8.5.5.2 ant\u00e9rieures \u00e0 8.5.5.26\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.0.x.x \u00e0 6.1.x.x ant\u00e9rieures \u00e0 6.1.2.5\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux bulletin de l\u0027\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2012-0881",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0881"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0305",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147813 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147813"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148062 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148062"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147943 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147943"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147903 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147903"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148094 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148094"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148151 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148066 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148066"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148158 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147727 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147727"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148065 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148065"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148068 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148068"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147728 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147728"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147944 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147944"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147726 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147726"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147923 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147923"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147812 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147812"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148063 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148063"
}
]
}
CERTFR-2023-AVI-0190
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions ant\u00e9rieures \u00e0 10.5.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-28458",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0190",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-09 du 02 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-09"
}
]
}
CERTFR-2023-AVI-0190
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions ant\u00e9rieures \u00e0 10.5.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-28458",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0190",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-09 du 02 mars 2023",
"url": "https://www.tenable.com/security/tns-2023-09"
}
]
}
WID-SEC-W-2023-0558
Vulnerability from csaf_certbund - Published: 2020-05-25 22:00 - Updated: 2024-05-07 22:00Summary
jQuery: Schwachstelle ermöglicht Cross-Site Scripting
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verfügung stellt.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verf\u00fcgung stellt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0558 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-0558.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0558 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0558"
},
{
"category": "external",
"summary": "NIST Database CVE-2020-7656 vom 2020-05-25",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
},
{
"category": "external",
"summary": "PoC auf snyk.io",
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:4211 vom 2020-10-08",
"url": "https://access.redhat.com/errata/RHSA-2020:4211"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA11203 vom 2021-07-14",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11203\u0026cat=SIRT_1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4142 vom 2021-11-09",
"url": "https://access.redhat.com/errata/RHSA-2021:4142"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9552 vom 2021-11-19",
"url": "https://linux.oracle.com/errata/ELSA-2021-9552.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2023-09 vom 2023-03-02",
"url": "https://www.tenable.com/security/tns-2023-09"
},
{
"category": "external",
"summary": "SolarWinds Platform 2023.3 Release Notes",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7060517 vom 2023-10-26",
"url": "https://www.ibm.com/support/pages/node/7060517"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7148094 vom 2024-04-11",
"url": "https://www.ibm.com/support/pages/node/7148094"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7150527 vom 2024-05-08",
"url": "https://www.ibm.com/support/pages/node/7150527"
}
],
"source_lang": "en-US",
"title": "jQuery: Schwachstelle erm\u00f6glicht Cross-Site Scripting",
"tracking": {
"current_release_date": "2024-05-07T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:46:05.663+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0558",
"initial_release_date": "2020-05-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2020-05-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-10-07T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-07-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2021-11-09T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-11-18T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-03-02T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2023-07-25T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-10-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-04-11T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.6.1.2",
"product": {
"name": "IBM Maximo Asset Management 7.6.1.2",
"product_id": "812526",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.2"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.2.0.0",
"product": {
"name": "IBM Storage Scale \u003c5.2.0.0",
"product_id": "T034454"
}
},
{
"category": "product_version_range",
"name": "\u003c5.1.9-2",
"product": {
"name": "IBM Storage Scale \u003c5.1.9-2",
"product_id": "T034597"
}
}
],
"category": "product_name",
"name": "Storage Scale"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper JUNOS",
"product": {
"name": "Juniper JUNOS",
"product_id": "5930",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:-"
}
}
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.9.0",
"product": {
"name": "Open Source jQuery \u003c1.9.0",
"product_id": "432958"
}
}
],
"category": "product_name",
"name": "jQuery"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2023.3",
"product": {
"name": "SolarWinds Platform \u003c2023.3",
"product_id": "T028897"
}
}
],
"category": "product_name",
"name": "Platform"
}
],
"category": "vendor",
"name": "SolarWinds"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.5.0",
"product": {
"name": "Tenable Security Nessus \u003c10.5.0",
"product_id": "T026604"
}
}
],
"category": "product_name",
"name": "Nessus"
}
],
"category": "vendor",
"name": "Tenable Security"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7656",
"notes": [
{
"category": "description",
"text": "In jQuery existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Webbrowser zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"T022954",
"T026604",
"67646",
"5930",
"812526",
"T028897",
"T004914",
"T034454",
"T034597"
]
},
"release_date": "2020-05-25T22:00:00.000+00:00",
"title": "CVE-2020-7656"
}
]
}
CNVD-2021-28270
Vulnerability from cnvd - Published: 2021-04-14
VLAI Severity ?
Title
jQuery跨站脚本漏洞(CNVD-2021-28270)
Description
jQuery是美国John Resig程序员的一套开源、跨浏览器的JavaScript库。该库简化了HTML与JavaScript之间的操作,并具有模块化、插件扩展等特点。
jquery 1.9.0之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Severity
中
Patch Name
jQuery跨站脚本漏洞(CNVD-2021-28270)的补丁
Patch Description
jQuery是美国John Resig程序员的一套开源、跨浏览器的JavaScript库。该库简化了HTML与JavaScript之间的操作,并具有模块化、插件扩展等特点。
jquery 1.9.0之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://jquery.com/
Reference
https://snyk.io/vuln/SNYK-JS-JQUERY-569619
Impacted products
| Name | jQuery jQuery <1.9.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-7656"
}
},
"description": "jQuery\u662f\u7f8e\u56fdJohn Resig\u7a0b\u5e8f\u5458\u7684\u4e00\u5957\u5f00\u6e90\u3001\u8de8\u6d4f\u89c8\u5668\u7684JavaScript\u5e93\u3002\u8be5\u5e93\u7b80\u5316\u4e86HTML\u4e0eJavaScript\u4e4b\u95f4\u7684\u64cd\u4f5c\uff0c\u5e76\u5177\u6709\u6a21\u5757\u5316\u3001\u63d2\u4ef6\u6269\u5c55\u7b49\u7279\u70b9\u3002\n\njquery 1.9.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://jquery.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-28270",
"openTime": "2021-04-14",
"patchDescription": "jQuery\u662f\u7f8e\u56fdJohn Resig\u7a0b\u5e8f\u5458\u7684\u4e00\u5957\u5f00\u6e90\u3001\u8de8\u6d4f\u89c8\u5668\u7684JavaScript\u5e93\u3002\u8be5\u5e93\u7b80\u5316\u4e86HTML\u4e0eJavaScript\u4e4b\u95f4\u7684\u64cd\u4f5c\uff0c\u5e76\u5177\u6709\u6a21\u5757\u5316\u3001\u63d2\u4ef6\u6269\u5c55\u7b49\u7279\u70b9\u3002\r\n\r\njquery 1.9.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "jQuery\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-28270\uff09\u7684\u8865\u4e01",
"products": {
"product": "jQuery jQuery \u003c1.9.0"
},
"referenceLink": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619",
"serverity": "\u4e2d",
"submitTime": "2020-05-20",
"title": "jQuery\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-28270\uff09"
}
RHSA-2021_4142
Vulnerability from csaf_redhat - Published: 2021-11-09 17:49 - Updated: 2024-11-15 09:43Summary
Red Hat Security Advisory: pcs security, bug fix, and enhancement update
Notes
Topic
An update for pcs is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
The following packages have been upgraded to a later upstream version: pcs (0.10.10). (BZ#1935594)
Security Fix(es):
* jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces (CVE-2020-7656)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pcs is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nThe following packages have been upgraded to a later upstream version: pcs (0.10.10). (BZ#1935594)\n\nSecurity Fix(es):\n\n* jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces (CVE-2020-7656)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4142",
"url": "https://access.redhat.com/errata/RHSA-2021:4142"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"category": "external",
"summary": "1290830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290830"
},
{
"category": "external",
"summary": "1432097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432097"
},
{
"category": "external",
"summary": "1678273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1678273"
},
{
"category": "external",
"summary": "1690419",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690419"
},
{
"category": "external",
"summary": "1720221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720221"
},
{
"category": "external",
"summary": "1759995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759995"
},
{
"category": "external",
"summary": "1841019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1841019"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "1850119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119"
},
{
"category": "external",
"summary": "1854238",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854238"
},
{
"category": "external",
"summary": "1872378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872378"
},
{
"category": "external",
"summary": "1885293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885293"
},
{
"category": "external",
"summary": "1885302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885302"
},
{
"category": "external",
"summary": "1896458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896458"
},
{
"category": "external",
"summary": "1909901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909901"
},
{
"category": "external",
"summary": "1922996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922996"
},
{
"category": "external",
"summary": "1927384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927384"
},
{
"category": "external",
"summary": "1927394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927394"
},
{
"category": "external",
"summary": "1930886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930886"
},
{
"category": "external",
"summary": "1935594",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935594"
},
{
"category": "external",
"summary": "1984901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984901"
},
{
"category": "external",
"summary": "1991654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991654"
},
{
"category": "external",
"summary": "1992668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992668"
},
{
"category": "external",
"summary": "1998454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998454"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4142.json"
}
],
"title": "Red Hat Security Advisory: pcs security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-15T09:43:03+00:00",
"generator": {
"date": "2024-11-15T09:43:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:4142",
"initial_release_date": "2021-11-09T17:49:34+00:00",
"revision_history": [
{
"date": "2021-11-09T17:49:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-09T17:49:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T09:43:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::highavailability"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::resilientstorage"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.10-4.el8.src",
"product": {
"name": "pcs-0:0.10.10-4.el8.src",
"product_id": "pcs-0:0.10.10-4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.10-4.el8.aarch64",
"product": {
"name": "pcs-0:0.10.10-4.el8.aarch64",
"product_id": "pcs-0:0.10.10-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.10.10-4.el8.aarch64",
"product": {
"name": "pcs-snmp-0:0.10.10-4.el8.aarch64",
"product_id": "pcs-snmp-0:0.10.10-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.10-4.el8.ppc64le",
"product": {
"name": "pcs-0:0.10.10-4.el8.ppc64le",
"product_id": "pcs-0:0.10.10-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.10.10-4.el8.ppc64le",
"product": {
"name": "pcs-snmp-0:0.10.10-4.el8.ppc64le",
"product_id": "pcs-snmp-0:0.10.10-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.10-4.el8.x86_64",
"product": {
"name": "pcs-0:0.10.10-4.el8.x86_64",
"product_id": "pcs-0:0.10.10-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.10.10-4.el8.x86_64",
"product": {
"name": "pcs-snmp-0:0.10.10-4.el8.x86_64",
"product_id": "pcs-snmp-0:0.10.10-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.10-4.el8.s390x",
"product": {
"name": "pcs-0:0.10.10-4.el8.s390x",
"product_id": "pcs-0:0.10.10-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.10.10-4.el8.s390x",
"product": {
"name": "pcs-snmp-0:0.10.10-4.el8.s390x",
"product_id": "pcs-snmp-0:0.10.10-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64"
},
"product_reference": "pcs-0:0.10.10-4.el8.aarch64",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le"
},
"product_reference": "pcs-0:0.10.10-4.el8.ppc64le",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x"
},
"product_reference": "pcs-0:0.10.10-4.el8.s390x",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.src as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src"
},
"product_reference": "pcs-0:0.10.10-4.el8.src",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64"
},
"product_reference": "pcs-0:0.10.10-4.el8.x86_64",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.aarch64",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.ppc64le",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.s390x",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.x86_64",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64"
},
"product_reference": "pcs-0:0.10.10-4.el8.aarch64",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le"
},
"product_reference": "pcs-0:0.10.10-4.el8.ppc64le",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x"
},
"product_reference": "pcs-0:0.10.10-4.el8.s390x",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src"
},
"product_reference": "pcs-0:0.10.10-4.el8.src",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64"
},
"product_reference": "pcs-0:0.10.10-4.el8.x86_64",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.aarch64",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.ppc64le",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.s390x",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.x86_64",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4142"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850119"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux version 6, 7 and 8 ship a vulnerable version of JQuery in the `pcs` component. However the vulnerable has not been found to be exploitable in reasonable scenarios. A future update may update JQuery to a fixed version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7656"
},
{
"category": "external",
"summary": "RHBZ#1850119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
}
],
"release_date": "2020-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4142"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4142"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
RHSA-2020:4211
Vulnerability from csaf_redhat - Published: 2020-10-08 07:01 - Updated: 2025-11-21 18:17Summary
Red Hat Security Advisory: Red Hat AMQ Interconnect 1.9.0 release and security update
Notes
Topic
Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ Interconnect provides flexible routing of messages between AMQP-enabled endpoints, whether they are clients, servers, brokers, or any other entity that can send or receive standard AMQP messages.
This release of Red Hat AMQ Interconnect 1.9.0 serves as a replacement for Red Hat AMQ Interconnect 1.8.0 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* jQuery: allows XSS via the load method (CVE-2020-7656)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ Interconnect provides flexible routing of messages between AMQP-enabled endpoints, whether they are clients, servers, brokers, or any other entity that can send or receive standard AMQP messages.\n\nThis release of Red Hat AMQ Interconnect 1.9.0 serves as a replacement for Red Hat AMQ Interconnect 1.8.0 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* jQuery: allows XSS via the load method (CVE-2020-7656)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4211",
"url": "https://access.redhat.com/errata/RHSA-2020:4211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.interconnect\u0026downloadType=distributions\u0026version=1.9.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.interconnect\u0026downloadType=distributions\u0026version=1.9.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "1850119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119"
},
{
"category": "external",
"summary": "ENTMQIC-2448",
"url": "https://issues.redhat.com/browse/ENTMQIC-2448"
},
{
"category": "external",
"summary": "ENTMQIC-2455",
"url": "https://issues.redhat.com/browse/ENTMQIC-2455"
},
{
"category": "external",
"summary": "ENTMQIC-2460",
"url": "https://issues.redhat.com/browse/ENTMQIC-2460"
},
{
"category": "external",
"summary": "ENTMQIC-2481",
"url": "https://issues.redhat.com/browse/ENTMQIC-2481"
},
{
"category": "external",
"summary": "ENTMQIC-2485",
"url": "https://issues.redhat.com/browse/ENTMQIC-2485"
},
{
"category": "external",
"summary": "ENTMQIC-2492",
"url": "https://issues.redhat.com/browse/ENTMQIC-2492"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4211.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Interconnect 1.9.0 release and security update",
"tracking": {
"current_release_date": "2025-11-21T18:17:28+00:00",
"generator": {
"date": "2025-11-21T18:17:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:4211",
"initial_release_date": "2020-10-08T07:01:31+00:00",
"revision_history": [
{
"date": "2020-10-08T07:01:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-10-08T07:01:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:17:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ Interconnect"
},
{
"branches": [
{
"category": "product_version",
"name": "qpid-dispatch-0:1.13.0-3.el7.src",
"product": {
"name": "qpid-dispatch-0:1.13.0-3.el7.src",
"product_id": "qpid-dispatch-0:1.13.0-3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch@1.13.0-3.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"product": {
"name": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"product_id": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch@1.13.0-3.el6_10?arch=src"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-0:1.13.0-3.el8.src",
"product": {
"name": "qpid-dispatch-0:1.13.0-3.el8.src",
"product_id": "qpid-dispatch-0:1.13.0-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch@1.13.0-3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"product": {
"name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"product_id": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-console@1.13.0-3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"product": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"product_id": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-docs@1.13.0-3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"product": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"product_id": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-tools@1.13.0-3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"product": {
"name": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"product_id": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-console@1.13.0-3.el6_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"product": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"product_id": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-docs@1.13.0-3.el6_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"product": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"product_id": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-tools@1.13.0-3.el6_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"product": {
"name": "qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"product_id": "qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-console@1.13.0-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"product": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"product_id": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-docs@1.13.0-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch",
"product": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch",
"product_id": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-tools@1.13.0-3.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"product": {
"name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"product_id": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-router@1.13.0-3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"product": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"product_id": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-debuginfo@1.13.0-3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"product": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"product_id": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-router@1.13.0-3.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"product": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"product_id": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-debuginfo@1.13.0-3.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"product": {
"name": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"product_id": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-router@1.13.0-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"product": {
"name": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"product_id": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-debugsource@1.13.0-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"product": {
"name": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"product_id": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-router-debuginfo@1.13.0-3.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"product": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"product_id": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-router@1.13.0-3.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"product": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"product_id": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-debuginfo@1.13.0-3.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el6_10.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el6_10.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el6_10.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el7.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el7.src",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el7.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el7.src",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el7.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el7.src",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el8.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el8.src",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el8.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64"
},
"product_reference": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64"
},
"product_reference": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850119"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux version 6, 7 and 8 ship a vulnerable version of JQuery in the `pcs` component. However the vulnerable has not been found to be exploitable in reasonable scenarios. A future update may update JQuery to a fixed version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7656"
},
{
"category": "external",
"summary": "RHBZ#1850119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
}
],
"release_date": "2020-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-08T07:01:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-08T07:01:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nStatic code analysis controls ensure that security flaws, including XSS vulnerabilities, are detected early in development by scanning code for improper input handling. This prevents vulnerable code from reaching production and encourages our developers to follow secure coding practices. System monitoring controls play a crucial role in detecting and responding to XSS attacks by analyzing logs, monitoring user behavior, and generating alerts for suspicious activity. Meanwhile, AWS WAF (Web Application Firewall) adds an extra layer of defense by filtering and blocking malicious input before it reaches the platform and/or application. Together, these controls create a defense-in-depth approach, reducing the risk of XSS exploitation by preventing, detecting, and mitigating attacks at multiple levels.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-08T07:01:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4211"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
RHSA-2021:4142
Vulnerability from csaf_redhat - Published: 2021-11-09 17:49 - Updated: 2025-11-21 18:26Summary
Red Hat Security Advisory: pcs security, bug fix, and enhancement update
Notes
Topic
An update for pcs is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
The following packages have been upgraded to a later upstream version: pcs (0.10.10). (BZ#1935594)
Security Fix(es):
* jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces (CVE-2020-7656)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pcs is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nThe following packages have been upgraded to a later upstream version: pcs (0.10.10). (BZ#1935594)\n\nSecurity Fix(es):\n\n* jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces (CVE-2020-7656)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4142",
"url": "https://access.redhat.com/errata/RHSA-2021:4142"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"category": "external",
"summary": "1290830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290830"
},
{
"category": "external",
"summary": "1432097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432097"
},
{
"category": "external",
"summary": "1678273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1678273"
},
{
"category": "external",
"summary": "1690419",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690419"
},
{
"category": "external",
"summary": "1720221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720221"
},
{
"category": "external",
"summary": "1759995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759995"
},
{
"category": "external",
"summary": "1841019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1841019"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "1850119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119"
},
{
"category": "external",
"summary": "1854238",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854238"
},
{
"category": "external",
"summary": "1872378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872378"
},
{
"category": "external",
"summary": "1885293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885293"
},
{
"category": "external",
"summary": "1885302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885302"
},
{
"category": "external",
"summary": "1896458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896458"
},
{
"category": "external",
"summary": "1909901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909901"
},
{
"category": "external",
"summary": "1922996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922996"
},
{
"category": "external",
"summary": "1927384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927384"
},
{
"category": "external",
"summary": "1927394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927394"
},
{
"category": "external",
"summary": "1930886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930886"
},
{
"category": "external",
"summary": "1935594",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935594"
},
{
"category": "external",
"summary": "1984901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984901"
},
{
"category": "external",
"summary": "1991654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991654"
},
{
"category": "external",
"summary": "1992668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992668"
},
{
"category": "external",
"summary": "1998454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998454"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4142.json"
}
],
"title": "Red Hat Security Advisory: pcs security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:26:10+00:00",
"generator": {
"date": "2025-11-21T18:26:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:4142",
"initial_release_date": "2021-11-09T17:49:34+00:00",
"revision_history": [
{
"date": "2021-11-09T17:49:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-09T17:49:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:26:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::highavailability"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::resilientstorage"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.10-4.el8.src",
"product": {
"name": "pcs-0:0.10.10-4.el8.src",
"product_id": "pcs-0:0.10.10-4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.10-4.el8.aarch64",
"product": {
"name": "pcs-0:0.10.10-4.el8.aarch64",
"product_id": "pcs-0:0.10.10-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.10.10-4.el8.aarch64",
"product": {
"name": "pcs-snmp-0:0.10.10-4.el8.aarch64",
"product_id": "pcs-snmp-0:0.10.10-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.10-4.el8.ppc64le",
"product": {
"name": "pcs-0:0.10.10-4.el8.ppc64le",
"product_id": "pcs-0:0.10.10-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.10.10-4.el8.ppc64le",
"product": {
"name": "pcs-snmp-0:0.10.10-4.el8.ppc64le",
"product_id": "pcs-snmp-0:0.10.10-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.10-4.el8.x86_64",
"product": {
"name": "pcs-0:0.10.10-4.el8.x86_64",
"product_id": "pcs-0:0.10.10-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.10.10-4.el8.x86_64",
"product": {
"name": "pcs-snmp-0:0.10.10-4.el8.x86_64",
"product_id": "pcs-snmp-0:0.10.10-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.10-4.el8.s390x",
"product": {
"name": "pcs-0:0.10.10-4.el8.s390x",
"product_id": "pcs-0:0.10.10-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.10.10-4.el8.s390x",
"product": {
"name": "pcs-snmp-0:0.10.10-4.el8.s390x",
"product_id": "pcs-snmp-0:0.10.10-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64"
},
"product_reference": "pcs-0:0.10.10-4.el8.aarch64",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le"
},
"product_reference": "pcs-0:0.10.10-4.el8.ppc64le",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x"
},
"product_reference": "pcs-0:0.10.10-4.el8.s390x",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.src as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src"
},
"product_reference": "pcs-0:0.10.10-4.el8.src",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64"
},
"product_reference": "pcs-0:0.10.10-4.el8.x86_64",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.aarch64",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.ppc64le",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.s390x",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 8)",
"product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.x86_64",
"relates_to_product_reference": "HighAvailability-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64"
},
"product_reference": "pcs-0:0.10.10-4.el8.aarch64",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le"
},
"product_reference": "pcs-0:0.10.10-4.el8.ppc64le",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x"
},
"product_reference": "pcs-0:0.10.10-4.el8.s390x",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src"
},
"product_reference": "pcs-0:0.10.10-4.el8.src",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64"
},
"product_reference": "pcs-0:0.10.10-4.el8.x86_64",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.aarch64",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.ppc64le",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.s390x",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)",
"product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
},
"product_reference": "pcs-snmp-0:0.10.10-4.el8.x86_64",
"relates_to_product_reference": "ResilientStorage-8.5.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4142"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850119"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux version 6, 7 and 8 ship a vulnerable version of JQuery in the `pcs` component. However the vulnerable has not been found to be exploitable in reasonable scenarios. A future update may update JQuery to a fixed version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7656"
},
{
"category": "external",
"summary": "RHBZ#1850119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
}
],
"release_date": "2020-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4142"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nStatic code analysis controls ensure that security flaws, including XSS vulnerabilities, are detected early in development by scanning code for improper input handling. This prevents vulnerable code from reaching production and encourages our developers to follow secure coding practices. System monitoring controls play a crucial role in detecting and responding to XSS attacks by analyzing logs, monitoring user behavior, and generating alerts for suspicious activity. Meanwhile, AWS WAF (Web Application Firewall) adds an extra layer of defense by filtering and blocking malicious input before it reaches the platform and/or application. Together, these controls create a defense-in-depth approach, reducing the risk of XSS exploitation by preventing, detecting, and mitigating attacks at multiple levels.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4142"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src",
"ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x",
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
RHSA-2020_4211
Vulnerability from csaf_redhat - Published: 2020-10-08 07:01 - Updated: 2024-11-15 09:37Summary
Red Hat Security Advisory: Red Hat AMQ Interconnect 1.9.0 release and security update
Notes
Topic
Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ Interconnect provides flexible routing of messages between AMQP-enabled endpoints, whether they are clients, servers, brokers, or any other entity that can send or receive standard AMQP messages.
This release of Red Hat AMQ Interconnect 1.9.0 serves as a replacement for Red Hat AMQ Interconnect 1.8.0 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* jQuery: allows XSS via the load method (CVE-2020-7656)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ Interconnect provides flexible routing of messages between AMQP-enabled endpoints, whether they are clients, servers, brokers, or any other entity that can send or receive standard AMQP messages.\n\nThis release of Red Hat AMQ Interconnect 1.9.0 serves as a replacement for Red Hat AMQ Interconnect 1.8.0 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* jQuery: allows XSS via the load method (CVE-2020-7656)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4211",
"url": "https://access.redhat.com/errata/RHSA-2020:4211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.interconnect\u0026downloadType=distributions\u0026version=1.9.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.interconnect\u0026downloadType=distributions\u0026version=1.9.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "1850119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119"
},
{
"category": "external",
"summary": "ENTMQIC-2448",
"url": "https://issues.redhat.com/browse/ENTMQIC-2448"
},
{
"category": "external",
"summary": "ENTMQIC-2455",
"url": "https://issues.redhat.com/browse/ENTMQIC-2455"
},
{
"category": "external",
"summary": "ENTMQIC-2460",
"url": "https://issues.redhat.com/browse/ENTMQIC-2460"
},
{
"category": "external",
"summary": "ENTMQIC-2481",
"url": "https://issues.redhat.com/browse/ENTMQIC-2481"
},
{
"category": "external",
"summary": "ENTMQIC-2485",
"url": "https://issues.redhat.com/browse/ENTMQIC-2485"
},
{
"category": "external",
"summary": "ENTMQIC-2492",
"url": "https://issues.redhat.com/browse/ENTMQIC-2492"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4211.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Interconnect 1.9.0 release and security update",
"tracking": {
"current_release_date": "2024-11-15T09:37:23+00:00",
"generator": {
"date": "2024-11-15T09:37:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4211",
"initial_release_date": "2020-10-08T07:01:31+00:00",
"revision_history": [
{
"date": "2020-10-08T07:01:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-10-08T07:01:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T09:37:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Interconnect 1",
"product": {
"name": "Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_interconnect:1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ Interconnect"
},
{
"branches": [
{
"category": "product_version",
"name": "qpid-dispatch-0:1.13.0-3.el7.src",
"product": {
"name": "qpid-dispatch-0:1.13.0-3.el7.src",
"product_id": "qpid-dispatch-0:1.13.0-3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch@1.13.0-3.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"product": {
"name": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"product_id": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch@1.13.0-3.el6_10?arch=src"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-0:1.13.0-3.el8.src",
"product": {
"name": "qpid-dispatch-0:1.13.0-3.el8.src",
"product_id": "qpid-dispatch-0:1.13.0-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch@1.13.0-3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"product": {
"name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"product_id": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-console@1.13.0-3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"product": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"product_id": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-docs@1.13.0-3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"product": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"product_id": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-tools@1.13.0-3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"product": {
"name": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"product_id": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-console@1.13.0-3.el6_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"product": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"product_id": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-docs@1.13.0-3.el6_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"product": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"product_id": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-tools@1.13.0-3.el6_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"product": {
"name": "qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"product_id": "qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-console@1.13.0-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"product": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"product_id": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-docs@1.13.0-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch",
"product": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch",
"product_id": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-tools@1.13.0-3.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"product": {
"name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"product_id": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-router@1.13.0-3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"product": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"product_id": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-debuginfo@1.13.0-3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"product": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"product_id": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-router@1.13.0-3.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"product": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"product_id": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-debuginfo@1.13.0-3.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"product": {
"name": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"product_id": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-router@1.13.0-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"product": {
"name": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"product_id": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-debugsource@1.13.0-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"product": {
"name": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"product_id": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-router-debuginfo@1.13.0-3.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"product": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"product_id": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-router@1.13.0-3.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"product": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"product_id": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-dispatch-debuginfo@1.13.0-3.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el6_10.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6ComputeNode-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el6_10.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Server-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el6_10.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el6_10.src",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"relates_to_product_reference": "6Workstation-RH6-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el7.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el7.src",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7ComputeNode-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el7.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el7.src",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el7.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el7.src",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-0:1.13.0-3.el8.src as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src"
},
"product_reference": "qpid-dispatch-0:1.13.0-3.el8.src",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-console-0:1.13.0-3.el8.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch"
},
"product_reference": "qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64"
},
"product_reference": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch"
},
"product_reference": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64"
},
"product_reference": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64 as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64"
},
"product_reference": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch as a component of Red Hat AMQ Interconnect 1",
"product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
},
"product_reference": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch",
"relates_to_product_reference": "8Base-A-MQ-Interconnect-1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850119"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux version 6, 7 and 8 ship a vulnerable version of JQuery in the `pcs` component. However the vulnerable has not been found to be exploitable in reasonable scenarios. A future update may update JQuery to a fixed version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7656"
},
{
"category": "external",
"summary": "RHBZ#1850119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
}
],
"release_date": "2020-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-08T07:01:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-08T07:01:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-08T07:01:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64",
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64",
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64",
"8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
GHSA-Q4M3-2J7H-F7XW
Vulnerability from github – Published: 2020-05-20 16:18 – Updated: 2024-10-10 16:17
VLAI?
Summary
Cross-Site Scripting in jquery
Details
Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove <script> HTML tags that contain a whitespace character, i.e: </script >, which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.
Recommendation
Upgrade to version 1.9.0 or later.
Severity ?
6.1 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jquery"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.1"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "jQuery"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.1"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "jquery-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars.npm:jquery"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.1"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7656"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-05-20T16:17:45Z",
"nvd_published_at": "2020-05-19T21:15:00Z",
"severity": "MODERATE"
},
"details": "Versions of `jquery` prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove `\u003cscript\u003e` HTML tags that contain a whitespace character, i.e: `\u003c/script \u003e`, which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim\u0027s browser.\n\n\n## Recommendation\n\nUpgrade to version 1.9.0 or later.",
"id": "GHSA-q4m3-2j7h-f7xw",
"modified": "2024-10-10T16:17:32Z",
"published": "2020-05-20T16:18:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/commit/606b863edaff29035960e4d813b45d63b8d92876"
},
{
"type": "PACKAGE",
"url": "https://github.com/jquery/jquery"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/blob/9e6393b0bcb52b15313f88141d0bd7dd54227426/src/ajax.js#L203"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#220-19-january-2013"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L7481"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-7656.yml"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200528-0001"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Cross-Site Scripting in jquery"
}
ICSA-22-097-01
Vulnerability from csaf_cisa - Published: 2022-04-07 00:00 - Updated: 2022-04-07 00:00Summary
Pepperl+Fuchs WirelessHART-Gateway
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordinating these vulnerabilities with Pepperl+Fuchs"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-097-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-097-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Pepperl+Fuchs WirelessHART-Gateway",
"tracking": {
"current_release_date": "2022-04-07T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-097-01",
"initial_release_date": "2022-04-07T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-04-07T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-097-01 Pepperl+Fuchs WirelessHART-Gateway"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH"
},
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34565",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "The affected product allows active SSH and telnet services with hard-coded credentials.CVE-2021-34565 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34565"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-10707",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "jQuery 3.0.0-rc.1 is vulnerable to a denial-of-service condition due to removing a logic a lowercased attribute names. Any attribute using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.CVE-2016-10707 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10707"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34561",
"cwe": {
"id": "CWE-350",
"name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
},
"notes": [
{
"category": "summary",
"text": "If the application is not externally accessible or uses IP-based access restrictions, attackers can use DNS rebinding to bypass any IP or firewall-based access restrictions by proxying through their target\u0027s browser. This vulnerability only affects Versions 3.0.7 through 3.0.8.CVE-2021-34561 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34561"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-33555",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability only affects Version 3.0.7.CVE-2021-33555 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33555"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2014-6071",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery Version 1.4.2 allows remote attackers to conduct cross-site scripting attacks via vectors related to use of the text method.CVE-2014-6071 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6071"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2012-6708",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 are vulnerable to cross-site scripting attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to deliver a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string.CVE-2012-6708 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6708"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.0.0 are vulnerable to cross-site scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.CVE-2015-9251 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.0.3 and 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0.CVE-2020-11023 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.2 and 3.5.0, passing HTML from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0.CVE-2020-11022 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.4.0, as used in specific products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.CVE-2019-11358 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11358"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 allow cross-site scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.CVE-2020-7656 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7656"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34560",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The affected product contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user\u0027s computer.CVE-2021-34560 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34560"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34564",
"cwe": {
"id": "CWE-315",
"name": "Cleartext Storage of Sensitive Information in a Cookie"
},
"notes": [
{
"category": "summary",
"text": "Cookie stealing vulnerabilities within the application or browser allow an attacker to steal the user\u0027s credentials in Version 3.0.9.CVE-2021-34564 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34564"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34559",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.7 through 3.0.8 have a vulnerability that may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.CVE-2021-34559 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34559"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34562",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Version 3.0.8, it is possible to inject arbitrary JavaScript into the application\u0027s response.CVE-2021-34562 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34562"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2007-2379",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The jQuery framework exchanges data using JavaScript object notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"CVE-2007-2379 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2379"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2011-4969",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.6.3 contain a Cross-site scripting (XSS) vulnerability, which when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.CVE-2011-4969 has been assigned to this vulnerability. A CVSS v3 base score of 4.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34563",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.8 and 3.0.9, the HttpOnly attribute is not set on a cookie, which allows the cookie\u0027s value to be read or set by client-side JavaScript.CVE-2021-34563 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34563"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2013-0169",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue.CVE-2013-0169 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
FKIE_CVE-2020-7656
Vulnerability from fkie_nvd - Published: 2020-05-19 21:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://security.netapp.com/advisory/ntap-20200528-0001/ | Third Party Advisory | |
| report@snyk.io | https://snyk.io/vuln/SNYK-JS-JQUERY-569619 | Exploit, Third Party Advisory | |
| report@snyk.io | https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US | Third Party Advisory | |
| report@snyk.io | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200528-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-JS-JQUERY-569619 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jquery | jquery | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_backup | - | |
| netapp | oncommand_system_manager | * | |
| netapp | snap_creator_framework | - | |
| juniper | junos | 21.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "49F1A5F5-D118-444E-B0EA-757DD5E181AC",
"versionEndExcluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B80C9D-62AA-42FA-AB46-F8A414FCBE5E",
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed."
},
{
"lang": "es",
"value": "jquery versiones anteriores a 1.9.0, permite ataques de tipo Cross-site Scripting por medio del m\u00e9todo de carga. El m\u00e9todo de carga presenta un fallo al reconocer y eliminar las etiquetas HTML \"(script)\" que contienen un car\u00e1cter de espacio en blanco, es decir: \"(/script )\", lo cual resulta en que la l\u00f3gica de script adjunta sea ejecutada."
}
],
"id": "CVE-2020-7656",
"lastModified": "2024-11-21T05:37:33.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-19T21:15:10.257",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200528-0001/"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200528-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2020-7656
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-7656",
"description": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.",
"id": "GSD-2020-7656",
"references": [
"https://access.redhat.com/errata/RHSA-2021:4142",
"https://access.redhat.com/errata/RHSA-2020:4211",
"https://linux.oracle.com/cve/CVE-2020-7656.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-7656"
],
"details": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.",
"id": "GSD-2020-7656",
"modified": "2023-12-13T01:21:52.174266Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jquery",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 1.9.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20200528-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200528-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200528-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200528-0001/"
},
{
"name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US",
"refsource": "MISC",
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.2.0",
"affected_versions": "All versions before 2.2.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-07-10",
"description": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.",
"fixed_versions": [
"2.2.0"
],
"identifier": "CVE-2020-7656",
"identifiers": [
"GHSA-q4m3-2j7h-f7xw",
"CVE-2020-7656"
],
"not_impacted": "All versions starting from 2.2.0",
"package_slug": "gem/jquery-rails",
"pubdate": "2020-05-20",
"solution": "Upgrade to version 2.2.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-7656",
"https://snyk.io/vuln/SNYK-JS-JQUERY-569619",
"https://security.netapp.com/advisory/ntap-20200528-0001/",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://github.com/jquery/jquery/blob/9e6393b0bcb52b15313f88141d0bd7dd54227426/src/ajax.js#L203",
"https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#220-19-january-2013",
"https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L7481",
"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US",
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-7656.yml",
"https://github.com/advisories/GHSA-q4m3-2j7h-f7xw"
],
"uuid": "3ecbd5f3-d5ac-4596-bb3e-9b8255642347"
},
{
"affected_range": "\u003c1.9.0",
"affected_versions": "All versions before 1.9.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2020-05-28",
"description": "jQuery, which is used by the rdoc gem, allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove `\u003cscript\u003e` HTML tags that contain a whitespace character, i.e., `\u003c/script \u003e`, which results in the enclosed script logic to be executed.",
"fixed_versions": [
"2.0.0"
],
"identifier": "CVE-2020-7656",
"identifiers": [
"CVE-2020-7656"
],
"not_impacted": "All versions starting from 1.9.0",
"package_slug": "gem/rdoc",
"pubdate": "2020-05-19",
"solution": "Upgrade to version 2.0.0 or above.",
"title": "Cross-site Scripting",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
],
"uuid": "aa33ca08-0d7b-4e26-9ceb-83fbd44e9f05"
},
{
"affected_range": "\u003c1.9.0",
"affected_versions": "All versions before 1.9.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2020-05-28",
"description": "JQuery allows Cross-site Scripting attacks via the `load` method. The `load` method fails to recognize and remove `\u003cscript\u003e` HTML tags that contain a whitespace character such as `\u003c/script \u003e`.",
"fixed_versions": [
"1.9.1"
],
"identifier": "CVE-2020-7656",
"identifiers": [
"CVE-2020-7656"
],
"not_impacted": "All versions starting from 1.9.0",
"package_slug": "npm/jquery",
"pubdate": "2020-05-19",
"solution": "Upgrade to version 1.9.1 or above.",
"title": "Cross-site Scripting",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
],
"uuid": "65460751-636c-4e9f-9dd3-00bfc7379043"
},
{
"affected_range": "(,1.9.0)",
"affected_versions": "All versions before 1.9.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-05-30",
"description": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.",
"fixed_versions": [
"1.9.0"
],
"identifier": "CVE-2020-7656",
"identifiers": [
"GHSA-q4m3-2j7h-f7xw",
"CVE-2020-7656"
],
"not_impacted": "All versions starting from 1.9.0",
"package_slug": "nuget/jQuery",
"pubdate": "2020-05-20",
"solution": "Upgrade to version 1.9.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-7656",
"https://snyk.io/vuln/SNYK-JS-JQUERY-569619",
"https://security.netapp.com/advisory/ntap-20200528-0001/",
"https://github.com/advisories/GHSA-q4m3-2j7h-f7xw",
"https://www.npmjs.com/advisories/1524",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"uuid": "014e4e8b-8cb3-4e2e-ad6d-7b607282afdc"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "1.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7656"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200528-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200528-0001/"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-06-22T19:49Z",
"publishedDate": "2020-05-19T21:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…