var-202110-1615
Vulnerability from variot

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources. jQuery-UI Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig individual developer. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update Advisory ID: RHSA-2022:4711-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:4711 Issue date: 2022-05-26 CVE Names: CVE-2021-3807 CVE-2021-23425 CVE-2021-33502 CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 ==================================================================== 1. Summary:

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch

  1. Description:

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

Security Fix(es):

  • nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

  • nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)

  • normalize-url: ReDoS for data URLs (CVE-2021-33502)

  • jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)

  • jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)

  • jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

A list of bugs fixed in this update is available in the Technical Notes book:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

  1. Bugs fixed (https://bugzilla.redhat.com/):

655153 - [RFE] confirmation prompt when suspending a virtual machine - webadmin 977778 - [RFE] - Mechanism for converting disks for non-running VMS 1624015 - [RFE] Expose Console Options and Console invocation via API 1648985 - VM from VM-pool which is already in use by a SuperUser is presented to another User with UserRole permission who can shutdown the VM. 1667517 - [RFE] add VM Portal setting for set screen mode 1687845 - Multiple notification for one time host activation 1781241 - missing ?connect automatically? option in vm portal 1782056 - [RFE] Integration of built-in ipsec feature in RHV/RHHI-V with OVN 1849169 - [RFE] add virtualCPUs/physicalCPUs ratio property to evenly_distributed policy 1878930 - [RFE] Provide warning event if MAC Address Pool free and available addresses are below threshold 1922977 - [RFE] VM shared disks are not part of the OVF_STORE 1926625 - [RFE] How to enable HTTP Strict Transport Security (HSTS) on Apache HTTPD for Red Hat Virtualization Manager 1927985 - [RFE] Speed up export-to-OVA on NFS by aligning loopback device offset 1944290 - URL to change the password is not shown properly 1944834 - [RFE] Timer for Console Disconnect Action - Shutdown VM after N minutes of being disconnected (Webadmin-only) 1956295 - Template import from storage domain fails when quota is enabled. 1959186 - Enable assignment of user quota when provisioning from a non-blank template via rest-api 1964208 - [RFE] add new feature for VM's screenshot on RestAPI 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1971622 - Incorrect warning displayed: "The VM CPU does not match the Cluster CPU Type" 1974741 - Disk images remain in locked state if the HE VM is rebooted during a image transfer 1979441 - High Performance VMs always have "VM CPU does not match the cluster CPU Type" warning 1979797 - Ask user for confirmation when the deleted storage domain has leases of VMs that has disk in other SDs 1980192 - Network statistics copy a U64 into DECIMAL(18,4) 1986726 - VM imported from OVA gets thin provisioned disk despite of allocation policy set as 'preallocated' 1986834 - [DOCS] add nodejs and maven to list of subscription streams to be enabled in RHVM installation 1987121 - [RFE] Support enabling nVidia Unified Memory on mdev vGPU 1988496 - vmconsole-proxy-helper.cer is not renewed when running engine-setup 1990462 - [RFE] Add user name and password to ELK integration 1991240 - Assign user quota when provisioning from a non-blank template via web-ui 1995793 - CVE-2021-23425 nodejs-trim-off-newlines: ReDoS via string processing 1996123 - ovf stores capacity/truesize on the storage does not match values in engine database 1998255 - [RFE] [UI] Add search box for vNIC Profiles in RHVM WebUI on the main vNIC profiles tab 1999698 - ssl.conf modifications of engine-setup do not conform to best practices (according to red hat insights) 2000031 - SPM host is rebooted multiple times when engine recovers the host 2002283 - Make NumOfPciExpressPorts configurable via engine-config 2003883 - Failed to update the VFs configuration of network interface card type 82599ES and X520 2003996 - ovirt_snapshot module fails to delete snapshot when there is a "Next Run configuration snapshot" 2006602 - vm_statistics table has wrong type for guest_mem_ columns. 2006745 - [MBS] Template disk Copy from data storage domain to Managed Block Storage domain is failing 2007384 - Failed to parse 'writeRate' value xxxx to integer: For input string: xxxx 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2008798 - Older name rhv-openvswitch is not checked in ansible playbook 2010203 - Log analyzer creates faulty VM unmanaged devices report 2010903 - I/O operations/sec reporting wrong values 2013928 - Log analyzer creates faulty non default vdc_option report 2014888 - oVirt executive dashboard/Virtual Machine dashboard does not actually show disk I/O operations per second, but it shows sum of I/o operations since the boot time of VM 2015796 - [RFE] RHV Manager should support running on a host with DISA STIG security profile applied 2019144 - CVE-2021-41182 jquery-ui: XSS in the altField option of the datepicker widget 2019148 - CVE-2021-41183 jquery-ui: XSS in Text options of the datepicker widget 2019153 - CVE-2021-41184 jquery-ui: XSS in the 'of' option of the .position() util 2021217 - [RFE] Windows 2022 support 2023250 - [RFE] Use virt:rhel module instead of virt:av in RHEL 8.6+ to get advanced virtualization packages 2023786 - RHV VM with SAP monitoring configuration does not fail to start if the Host is missing vdsm-hook-vhostmd 2024202 - RHV Dashboard does not show memory and storage details properly when using Spanish language. 2025936 - metrics configuration playbooks failing due to rhel-system-role last refactor 2030596 - [RFE] RHV Manager should support running on a host with the PCI-DSS security profile applied 2030663 - Update Network statistics types in DWH 2031027 - The /usr/share/ovirt-engine/ansible-runner-service-project/inventory/hosts fails rpm verification 2035051 - removing nfs-utils cause ovirt-engine removal due to cinderlib dep tree 2037115 - rhv-image-discrepancies (rhv-log-collector-analyzer-1.0.11-1.el8ev) tool continues flags OVF_STORE volumes. 2037121 - RFE: Add Data Center and Storage Domain name in the rhv-image-discrepancies tool output. 2040361 - Hotplug VirtIO-SCSI disk fails with error "Domain already contains a disk with that address" when IO threads > 1 2040402 - unable to use --log-size=0 option 2040474 - [RFE] Add progress tracking for Cluster Upgrade 2041544 - Admin GUI: Making selection of host while uploading disk it will immediately replace it with the first active host in the list. 2043146 - Expired /etc/pki/vdsm/libvirt-vnc/server-cert.pem certificate is skipped during Enroll Certificate 2044273 - Remove the RHV Guest Tools ISO image upload option from engine-setup 2048546 - sosreport command should be replaced by sos report 2050566 - Upgrade ovirt-log-collector to 4.4.5 2050614 - Upgrade rhvm-setup-plugins to 4.5.0 2051857 - Upgrade rhv-log-collector-analizer to 1.0.13 2052557 - RHV fails to release mdev vGPU device after VM shutdown 2052690 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine 2054756 - [welcome page] Add link to MTV guide 2055136 - virt module is not changed to the correct stream during host upgrade 2056021 - [BUG]: "Enroll Certificate" operation not updating libvirt-vnc cert and key 2056052 - RHV-H w/ PCI-DSS profile causes OVA export to fail 2056126 - [RFE] Extend time to warn of upcoming certificate expiration 2058264 - Export as OVA playbook gets stuck with 'found an incomplete artifacts directory...Possible ansible_runner error?' 2059521 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine-metrics 2059877 - [DOCS][Upgrade] Update RHVM update procedure in Upgrade guide 2061904 - Unable to attach a RHV Host back into cluster after removing due to networking 2065052 - [TRACKER] Upgrade to ansible-core-2.12 in RHV 4.4 SP1 2066084 - vmconsole-proxy-user certificate expired - cannot access serial console 2066283 - Upgrade from RHV 4.4.10 to RHV 4.5.0 is broken 2069972 - [Doc][RN]Add cluster-level 4.7 to compatibility table 2070156 - [TESTONLY] Test upgrade from ovirt-engine-4.4.1 2071468 - Engine fenced host that was already reconnected and set to Up status. 2072637 - Build and distribute python38-daemon in RHV channels 2072639 - Build and distribute ansible-runner in RHV channels 2072641 - Build and distribute python38-docutils in RHV channels 2072642 - Build and distribute python38-lockfile in RHV channels 2072645 - Build and distribute python38-pexpect in RHV channels 2072646 - Build and distribute python38-ptyprocess in RHV channels 2075352 - upgrading RHV-H does not renew certificate

  1. Package List:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:

Source: ansible-runner-2.1.3-1.el8ev.src.rpm apache-sshd-2.8.0-0.1.el8ev.src.rpm engine-db-query-1.6.4-1.el8ev.src.rpm ovirt-dependencies-4.5.1-1.el8ev.src.rpm ovirt-engine-4.5.0.7-0.9.el8ev.src.rpm ovirt-engine-dwh-4.5.2-1.el8ev.src.rpm ovirt-engine-metrics-1.6.0-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.3.3-1.el8ev.src.rpm ovirt-log-collector-4.4.5-1.el8ev.src.rpm ovirt-web-ui-1.8.1-2.el8ev.src.rpm rhv-log-collector-analyzer-1.0.13-1.el8ev.src.rpm rhvm-branding-rhv-4.4.11-1.el8ev.src.rpm rhvm-setup-plugins-4.5.0-2.el8ev.src.rpm vdsm-jsonrpc-java-1.7.1-2.el8ev.src.rpm

noarch: ansible-runner-2.1.3-1.el8ev.noarch.rpm apache-sshd-2.8.0-0.1.el8ev.noarch.rpm apache-sshd-javadoc-2.8.0-0.1.el8ev.noarch.rpm engine-db-query-1.6.4-1.el8ev.noarch.rpm ovirt-dependencies-4.5.1-1.el8ev.noarch.rpm ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-backend-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-dbscripts-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-dwh-4.5.2-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.5.2-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.5.2-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-metrics-1.6.0-1.el8ev.noarch.rpm ovirt-engine-restapi-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-base-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-tools-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-tools-backup-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.3.3-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-log-collector-4.4.5-1.el8ev.noarch.rpm ovirt-web-ui-1.8.1-2.el8ev.noarch.rpm python3-ovirt-engine-lib-4.5.0.7-0.9.el8ev.noarch.rpm python38-ansible-runner-2.1.3-1.el8ev.noarch.rpm python38-docutils-0.14-12.4.el8ev.noarch.rpm rhv-log-collector-analyzer-1.0.13-1.el8ev.noarch.rpm rhvm-4.5.0.7-0.9.el8ev.noarch.rpm rhvm-branding-rhv-4.4.11-1.el8ev.noarch.rpm rhvm-setup-plugins-4.5.0-2.el8ev.noarch.rpm vdsm-jsonrpc-java-1.7.1-2.el8ev.noarch.rpm vdsm-jsonrpc-java-javadoc-1.7.1-2.el8ev.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2021-3807 https://access.redhat.com/security/cve/CVE-2021-23425 https://access.redhat.com/security/cve/CVE-2021-33502 https://access.redhat.com/security/cve/CVE-2021-41182 https://access.redhat.com/security/cve/CVE-2021-41183 https://access.redhat.com/security/cve/CVE-2021-41184 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYo/qI9zjgjWX9erEAQhpng//aJBlyx9sUzPTC08WE6OwY4Ihk8b0wSh5 C9RWX/PmlDE2CAivQHpSs8D7/IizHl4Arn6f0HJx+NavN8YfbApqs2mcq+KUKYuC /VxCb3YlukeDsXeYIM+ScifS9M+N+WNGy9BRrlcYxZ4Ya5zLYv/ibrrHCX44yKz8 Jg5abyQyCzI6DEPjSDRIZkULLIdkbQ8xGd7j5P4ThAR2MRf8deeHez4/NmfrQm6n Q3f4qeQlljiNgoGdxa2z65Shxpb3pkWGt81MZuMwKpRa6EDBDs8vGMA0LZamsikv XZUU2P7d+JrXvLd2bmfGty6EaQ2FY0XoB0vvK1AyUhSZkX2thUvFsEgIdWjLSu4a eT28D2etZLTIyl1DB42L+5gcomaQTn0sT0i99ExWkFyf9xWne+ygOFYydjV0/fy+ 530Pwzlk9c2QtHgJ/XzGU12QLzKa/tvLbqXTfmAmlqDkU/+3aIr2l5SgnudzY4NN BAUae8noIVWEs6L+6DY5HYt+x+WYYLipQh9gPjpBOaH+sEFvZ2+GzlVR0zF4IM5E qLH5bopwO6GfHeNjv+4U+l+3kjhJIpwrsy/uzc+/mExrraYFpZc8skbcGRyhQ7ML CtHSV7Y4x/OguhgYeqx1ocCfpIpkbu4MGa4esGDW4ocvL03AHnbxOG7gGvBH35oF cada2etYwu0=nreb -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202110-1615",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "drupal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "9.2.0"
      },
      {
        "model": "h700e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "rest data services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.1"
      },
      {
        "model": "h300e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "communications operations monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.9.0"
      },
      {
        "model": "communications operations monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.4"
      },
      {
        "model": "hospitality inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.1.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.6.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.59"
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.12.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.1.0.0"
      },
      {
        "model": "communications operations monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "drupal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "9.3.0"
      },
      {
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.12.0"
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "h410c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "drupal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "7.86"
      },
      {
        "model": "tenable.sc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.21.0"
      },
      {
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.3.6"
      },
      {
        "model": "hospitality suite8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.14.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "drupal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "9.2.11"
      },
      {
        "model": "big data spatial and graph",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "23.1"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.29"
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "hospitality suite8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.10.2"
      },
      {
        "model": "rest data services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.1"
      },
      {
        "model": "policy automation",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.0"
      },
      {
        "model": "communications interactive session recorder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.4"
      },
      {
        "model": "jquery ui",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "jqueryui",
        "version": "1.13.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.12.0"
      },
      {
        "model": "policy automation",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.5"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "drupal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "9.3.3"
      },
      {
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "hospitality suite8",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.11.0"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "application express",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "36"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "big data spatial and graph",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "23.1"
      },
      {
        "model": "drupal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "7.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "model": "h300s",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500e",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500s",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ui",
        "scope": null,
        "trust": 0.8,
        "vendor": "jquery",
        "version": null
      },
      {
        "model": "h410c",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h300e",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h700e",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "drupal",
        "scope": null,
        "trust": 0.8,
        "vendor": "drupal",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "h410s",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h700s",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.3.3",
                "versionStartIncluding": "9.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.11",
                "versionStartIncluding": "9.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.86",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "23.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.29",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.14.0",
                "versionStartIncluding": "8.11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.6.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "22.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "22.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.2.5",
                "versionStartIncluding": "12.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.21.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167278"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2021-41183",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-41183",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-397877",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security-advisories@github.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2021-41183",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-41183",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security-advisories@github.com",
            "id": "CVE-2021-41183",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202110-1839",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-397877",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-41183",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. jQuery-UI Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig individual developer. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update\nAdvisory ID:       RHSA-2022:4711-01\nProduct:           Red Hat Virtualization\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:4711\nIssue date:        2022-05-26\nCVE Names:         CVE-2021-3807 CVE-2021-23425 CVE-2021-33502\n                   CVE-2021-41182 CVE-2021-41183 CVE-2021-41184\n====================================================================\n1. Summary:\n\nUpdated ovirt-engine packages that fix several bugs and add various\nenhancements are now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. \n\nSecurity Fix(es):\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching\nANSI escape codes (CVE-2021-3807)\n\n* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* jquery-ui: XSS in the altField option of the datepicker widget\n(CVE-2021-41182)\n\n* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)\n\n* jquery-ui: XSS in the \u0027of\u0027 option of the .position() util\n(CVE-2021-41184)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nA list of bugs fixed in this update is available in the Technical Notes\nbook:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n655153 - [RFE] confirmation prompt when suspending a virtual machine - webadmin\n977778 - [RFE] - Mechanism for converting disks for non-running VMS\n1624015 - [RFE] Expose Console Options and Console invocation via API\n1648985 - VM from VM-pool which is already in use by a SuperUser is presented to another User with UserRole permission who can shutdown the VM. \n1667517 - [RFE] add VM Portal setting for set screen mode\n1687845 - Multiple notification for one time host activation\n1781241 - missing ?connect automatically? option in vm portal\n1782056 - [RFE] Integration of built-in ipsec feature in RHV/RHHI-V with OVN\n1849169 - [RFE] add virtualCPUs/physicalCPUs ratio property to evenly_distributed policy\n1878930 - [RFE] Provide warning event if MAC Address Pool free and available addresses are below threshold\n1922977 - [RFE] VM shared disks are not part of the OVF_STORE\n1926625 - [RFE] How to enable HTTP Strict Transport Security (HSTS) on Apache HTTPD for Red Hat Virtualization Manager\n1927985 - [RFE] Speed up export-to-OVA on NFS by aligning loopback device offset\n1944290 - URL to change the password is not shown properly\n1944834 - [RFE] Timer for Console Disconnect Action - Shutdown VM after N minutes of being disconnected (Webadmin-only)\n1956295 - Template import from storage domain fails when quota is enabled. \n1959186 - Enable assignment of user quota when provisioning from a non-blank template via rest-api\n1964208 - [RFE] add new feature for VM\u0027s screenshot on RestAPI\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1971622 - Incorrect warning displayed: \"The VM CPU does not match the Cluster CPU Type\"\n1974741 - Disk images remain in locked state if the HE VM is rebooted during a image transfer\n1979441 - High Performance VMs always have \"VM CPU does not match the cluster CPU Type\" warning\n1979797 - Ask user for confirmation when the deleted storage domain has leases of VMs that has disk in other SDs\n1980192 - Network statistics copy a U64 into DECIMAL(18,4)\n1986726 - VM imported from OVA gets thin provisioned disk despite of allocation policy set as \u0027preallocated\u0027\n1986834 - [DOCS] add nodejs and maven to list of subscription streams to be enabled  in RHVM installation\n1987121 - [RFE] Support enabling nVidia Unified Memory on mdev vGPU\n1988496 - vmconsole-proxy-helper.cer is not renewed when running engine-setup\n1990462 - [RFE] Add user name and password to ELK integration\n1991240 - Assign user quota when provisioning from a non-blank template via web-ui\n1995793 - CVE-2021-23425 nodejs-trim-off-newlines: ReDoS via string processing\n1996123 - ovf stores capacity/truesize on the storage does not match values in engine database\n1998255 - [RFE] [UI] Add search box for vNIC Profiles in RHVM WebUI on the main vNIC profiles tab\n1999698 - ssl.conf modifications of engine-setup do not conform to best practices (according to red hat insights)\n2000031 - SPM host is rebooted multiple times when engine recovers the host\n2002283 - Make NumOfPciExpressPorts configurable via engine-config\n2003883 - Failed to update the VFs configuration of network interface card type 82599ES and X520\n2003996 - ovirt_snapshot module fails to delete snapshot when there is a \"Next Run configuration snapshot\"\n2006602 - vm_statistics table has wrong type for guest_mem_* columns. \n2006745 - [MBS] Template disk Copy from data storage domain to Managed Block Storage domain is failing\n2007384 - Failed to parse \u0027writeRate\u0027 value xxxx to integer: For input string: xxxx\n2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes\n2008798 - Older name rhv-openvswitch is not checked in ansible playbook\n2010203 - Log analyzer creates faulty VM unmanaged devices  report\n2010903 - I/O operations/sec reporting wrong values\n2013928 - Log analyzer creates faulty non default vdc_option report\n2014888 - oVirt executive dashboard/Virtual Machine dashboard does not actually show disk I/O operations per second, but it shows sum of I/o operations since the boot time of VM\n2015796 - [RFE] RHV Manager should support running on a host with DISA STIG security profile applied\n2019144 - CVE-2021-41182 jquery-ui: XSS in the altField option of the datepicker widget\n2019148 - CVE-2021-41183 jquery-ui: XSS in *Text options of the datepicker widget\n2019153 - CVE-2021-41184 jquery-ui: XSS in the \u0027of\u0027 option of the .position() util\n2021217 - [RFE] Windows 2022 support\n2023250 - [RFE] Use virt:rhel module instead of virt:av in RHEL 8.6+ to get advanced virtualization packages\n2023786 - RHV VM with SAP monitoring configuration does not fail to start if the Host is missing vdsm-hook-vhostmd\n2024202 - RHV Dashboard does not show memory and storage details properly when using Spanish language. \n2025936 - metrics configuration playbooks failing due to rhel-system-role last refactor\n2030596 - [RFE] RHV Manager should support running on a host with the PCI-DSS security profile applied\n2030663 - Update Network statistics types in DWH\n2031027 - The /usr/share/ovirt-engine/ansible-runner-service-project/inventory/hosts fails rpm verification\n2035051 - removing nfs-utils cause ovirt-engine removal due to cinderlib dep tree\n2037115 - rhv-image-discrepancies (rhv-log-collector-analyzer-1.0.11-1.el8ev) tool continues flags OVF_STORE volumes. \n2037121 - RFE:  Add Data Center and Storage Domain name in the rhv-image-discrepancies tool output. \n2040361 - Hotplug VirtIO-SCSI disk fails with error \"Domain already contains a disk with that address\" when IO threads \u003e 1\n2040402 - unable to use --log-size=0 option\n2040474 - [RFE] Add progress tracking for Cluster Upgrade\n2041544 - Admin GUI: Making selection of host while uploading disk it will immediately replace it with the first active host in the list. \n2043146 - Expired /etc/pki/vdsm/libvirt-vnc/server-cert.pem certificate is skipped during Enroll Certificate\n2044273 - Remove the RHV Guest Tools ISO image upload option from engine-setup\n2048546 - sosreport command should be replaced by sos report\n2050566 - Upgrade ovirt-log-collector to 4.4.5\n2050614 - Upgrade rhvm-setup-plugins to 4.5.0\n2051857 - Upgrade rhv-log-collector-analizer to 1.0.13\n2052557 - RHV fails to release mdev vGPU device after VM shutdown\n2052690 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine\n2054756 - [welcome page] Add link to MTV guide\n2055136 - virt module is not changed to the correct stream during host upgrade\n2056021 - [BUG]: \"Enroll Certificate\" operation not updating libvirt-vnc cert and key\n2056052 - RHV-H w/ PCI-DSS profile causes OVA export to fail\n2056126 - [RFE] Extend time to warn of upcoming certificate expiration\n2058264 - Export as OVA playbook gets stuck with \u0027found an incomplete artifacts directory...Possible ansible_runner error?\u0027\n2059521 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine-metrics\n2059877 - [DOCS][Upgrade] Update RHVM update procedure in Upgrade guide\n2061904 - Unable to attach a RHV Host back into cluster after removing due to networking\n2065052 - [TRACKER] Upgrade to ansible-core-2.12 in RHV 4.4 SP1\n2066084 - vmconsole-proxy-user certificate expired - cannot access serial console\n2066283 - Upgrade from RHV 4.4.10 to RHV 4.5.0 is broken\n2069972 - [Doc][RN]Add cluster-level 4.7 to compatibility table\n2070156 - [TESTONLY] Test upgrade from ovirt-engine-4.4.1\n2071468 - Engine fenced host that was already reconnected and set to Up status. \n2072637 - Build and distribute python38-daemon in RHV channels\n2072639 - Build and distribute ansible-runner in RHV channels\n2072641 - Build and distribute python38-docutils in RHV channels\n2072642 - Build and distribute python38-lockfile in RHV channels\n2072645 - Build and distribute python38-pexpect in RHV channels\n2072646 - Build and distribute python38-ptyprocess in RHV channels\n2075352 - upgrading RHV-H does not renew certificate\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\nansible-runner-2.1.3-1.el8ev.src.rpm\napache-sshd-2.8.0-0.1.el8ev.src.rpm\nengine-db-query-1.6.4-1.el8ev.src.rpm\novirt-dependencies-4.5.1-1.el8ev.src.rpm\novirt-engine-4.5.0.7-0.9.el8ev.src.rpm\novirt-engine-dwh-4.5.2-1.el8ev.src.rpm\novirt-engine-metrics-1.6.0-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.3.3-1.el8ev.src.rpm\novirt-log-collector-4.4.5-1.el8ev.src.rpm\novirt-web-ui-1.8.1-2.el8ev.src.rpm\nrhv-log-collector-analyzer-1.0.13-1.el8ev.src.rpm\nrhvm-branding-rhv-4.4.11-1.el8ev.src.rpm\nrhvm-setup-plugins-4.5.0-2.el8ev.src.rpm\nvdsm-jsonrpc-java-1.7.1-2.el8ev.src.rpm\n\nnoarch:\nansible-runner-2.1.3-1.el8ev.noarch.rpm\napache-sshd-2.8.0-0.1.el8ev.noarch.rpm\napache-sshd-javadoc-2.8.0-0.1.el8ev.noarch.rpm\nengine-db-query-1.6.4-1.el8ev.noarch.rpm\novirt-dependencies-4.5.1-1.el8ev.noarch.rpm\novirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-backend-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-dbscripts-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-dwh-4.5.2-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.5.2-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.5.2-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-metrics-1.6.0-1.el8ev.noarch.rpm\novirt-engine-restapi-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-base-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-tools-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-tools-backup-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.3.3-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-log-collector-4.4.5-1.el8ev.noarch.rpm\novirt-web-ui-1.8.1-2.el8ev.noarch.rpm\npython3-ovirt-engine-lib-4.5.0.7-0.9.el8ev.noarch.rpm\npython38-ansible-runner-2.1.3-1.el8ev.noarch.rpm\npython38-docutils-0.14-12.4.el8ev.noarch.rpm\nrhv-log-collector-analyzer-1.0.13-1.el8ev.noarch.rpm\nrhvm-4.5.0.7-0.9.el8ev.noarch.rpm\nrhvm-branding-rhv-4.4.11-1.el8ev.noarch.rpm\nrhvm-setup-plugins-4.5.0-2.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.7.1-2.el8ev.noarch.rpm\nvdsm-jsonrpc-java-javadoc-1.7.1-2.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3807\nhttps://access.redhat.com/security/cve/CVE-2021-23425\nhttps://access.redhat.com/security/cve/CVE-2021-33502\nhttps://access.redhat.com/security/cve/CVE-2021-41182\nhttps://access.redhat.com/security/cve/CVE-2021-41183\nhttps://access.redhat.com/security/cve/CVE-2021-41184\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYo/qI9zjgjWX9erEAQhpng//aJBlyx9sUzPTC08WE6OwY4Ihk8b0wSh5\nC9RWX/PmlDE2CAivQHpSs8D7/IizHl4Arn6f0HJx+NavN8YfbApqs2mcq+KUKYuC\n/VxCb3YlukeDsXeYIM+ScifS9M+N+WNGy9BRrlcYxZ4Ya5zLYv/ibrrHCX44yKz8\nJg5abyQyCzI6DEPjSDRIZkULLIdkbQ8xGd7j5P4ThAR2MRf8deeHez4/NmfrQm6n\nQ3f4qeQlljiNgoGdxa2z65Shxpb3pkWGt81MZuMwKpRa6EDBDs8vGMA0LZamsikv\nXZUU2P7d+JrXvLd2bmfGty6EaQ2FY0XoB0vvK1AyUhSZkX2thUvFsEgIdWjLSu4a\neT28D2etZLTIyl1DB42L+5gcomaQTn0sT0i99ExWkFyf9xWne+ygOFYydjV0/fy+\n530Pwzlk9c2QtHgJ/XzGU12QLzKa/tvLbqXTfmAmlqDkU/+3aIr2l5SgnudzY4NN\nBAUae8noIVWEs6L+6DY5HYt+x+WYYLipQh9gPjpBOaH+sEFvZ2+GzlVR0zF4IM5E\nqLH5bopwO6GfHeNjv+4U+l+3kjhJIpwrsy/uzc+/mExrraYFpZc8skbcGRyhQ7ML\nCtHSV7Y4x/OguhgYeqx1ocCfpIpkbu4MGa4esGDW4ocvL03AHnbxOG7gGvBH35oF\ncada2etYwu0=nreb\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "PACKETSTORM",
        "id": "167278"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-41183",
        "trust": 3.5
      },
      {
        "db": "TENABLE",
        "id": "TNS-2022-09",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167278",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2458",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0236",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2191",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5431",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2599",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1792",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3896",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1837",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6384",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030804",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062021",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042017",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011946",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-397877",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "PACKETSTORM",
        "id": "167278"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "id": "VAR-202110-1615",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:50:49.473000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NTAP-20211118-0004",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
      },
      {
        "title": "jQuery Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=167278"
      },
      {
        "title": "Red Hat: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20224711 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2021-41183",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-41183"
      },
      {
        "title": "IBM: Security Bulletin: API Connect is vulnerable to JQuery-UI Cross-Site Scripting (XSS) (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cad03619ba21e75b9c9476e5adf69069"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2022-09"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-41183 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/marksowell/retire-html-parser "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nxiuubrvla4e7g7mmikcen75yn7uferw/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/o74sxyy7rgxreqdqudqd4bpj4qqtd2xq/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/snxa7xrkginwsuipiz6zbctv6n3kshes/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hvkiowsxl2rf2ulnap7phesycfszije3/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sgsy236pysfyiebrgderla7osy6d7xl4/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
      },
      {
        "trust": 1.8,
        "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.jqueryui.com/ticket/15284"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/jquery/jquery-ui/pull/1953"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/jquery/jquery-ui/security/advisories/ghsa-j7qv-pgf6-hvh4"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
      },
      {
        "trust": 1.8,
        "url": "https://www.drupal.org/sa-contrib-2022-004"
      },
      {
        "trust": 1.8,
        "url": "https://www.drupal.org/sa-core-2022-001"
      },
      {
        "trust": 1.8,
        "url": "https://www.drupal.org/sa-core-2022-002"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2022-09"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41183"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-41183"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/o74sxyy7rgxreqdqudqd4bpj4qqtd2xq/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/snxa7xrkginwsuipiz6zbctv6n3kshes/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sgsy236pysfyiebrgderla7osy6d7xl4/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nxiuubrvla4e7g7mmikcen75yn7uferw/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hvkiowsxl2rf2ulnap7phesycfszije3/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/jquery-ui-three-vulnerabilities-36936"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030804"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2458"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1792"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6525274"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042017"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167278/red-hat-security-advisory-2022-4711-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2191"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6384"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011946"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062021"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1837"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5431"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3896"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2599"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0236"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2022:4711"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-41183"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-api-connect-is-vulnerable-to-jquery-ui-cross-site-scripting-xss-cve-2021-41184-cve-2021-41183-cve-2021-41182/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41184"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41184"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33502"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "PACKETSTORM",
        "id": "167278"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "PACKETSTORM",
        "id": "167278"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "date": "2021-10-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "date": "2022-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "date": "2022-05-27T15:37:28",
        "db": "PACKETSTORM",
        "id": "167278"
      },
      {
        "date": "2021-10-26T15:15:10.387000",
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "date": "2021-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "date": "2023-06-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "date": "2022-10-03T06:51:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "date": "2023-08-31T03:15:13.023000",
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "date": "2022-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "jQuery-UI\u00a0 Cross-site scripting vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167278"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ],
    "trust": 0.7
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.