Lucene search

Veracode Vulnerability DatabaseVERACODE:20548

HistoryJun 17, 2019 - 12:21 a.m.

Cross-site Scripting (XSS)

2019-06-1700:21:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

picketlink is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser through an SAMLRequest via the RelayState parameter.

CPENameOperatorVersion
eap7-jboss-marshallingeq2.0.6__2.Final_redhat_00001.1.el6eap
eap7-jboss-marshallingeq2.0.4__1.Final_redhat_1.1.ep7.el7
eap7-jboss-marshallingeq2.0.2__1.Final_redhat_1.1.ep7.el7
eap7-jboss-marshallingeq2.0.2__1.Final_redhat_1.1.ep7.el6
eap7-jboss-marshallingeq2.0.6__1.Final_redhat_00001.1.ep7.el6
eap7-jboss-marshallingeq1.4.10__3.Final_redhat_3.1.ep7.el6
eap7-jboss-marshallingeq2.0.4__1.Final_redhat_1.1.ep7.el6
eap7-jboss-marshallingeq2.0.6__2.Final_redhat_00001.1.el7eap
eap7-jboss-marshallingeq2.0.6__2.Final_redhat_00001.1.el8eap
eap7-jboss-marshallingeq1.4.10__3.Final_redhat_3.1.ep7.el7

Name	Operator	Version
eap7-jboss-marshalling	eq	2.0.6__2.Final_redhat_00001.1.el6eap
eap7-jboss-marshalling	eq	2.0.4__1.Final_redhat_1.1.ep7.el7
eap7-jboss-marshalling	eq	2.0.2__1.Final_redhat_1.1.ep7.el7
eap7-jboss-marshalling	eq	2.0.2__1.Final_redhat_1.1.ep7.el6
eap7-jboss-marshalling	eq	2.0.6__1.Final_redhat_00001.1.ep7.el6
eap7-jboss-marshalling	eq	1.4.10__3.Final_redhat_3.1.ep7.el6
eap7-jboss-marshalling	eq	2.0.4__1.Final_redhat_1.1.ep7.el6
eap7-jboss-marshalling	eq	2.0.6__2.Final_redhat_00001.1.el7eap
eap7-jboss-marshalling	eq	2.0.6__2.Final_redhat_00001.1.el8eap
eap7-jboss-marshalling	eq	1.4.10__3.Final_redhat_3.1.ep7.el7

Rows per page:

1-10 of 4421

References

www.securityfocus.com/bid/108732

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

access.redhat.com/errata/RHSA-2019:1419

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872

issues.jboss.org/browse/JBEAP-16124

issues.jboss.org/browse/JBEAP-16139

issues.jboss.org/browse/JBEAP-16360

issues.jboss.org/browse/JBEAP-16362

issues.jboss.org/browse/JBEAP-16370

issues.jboss.org/browse/JBEAP-16453

issues.jboss.org/browse/JBEAP-16457

issues.jboss.org/browse/JBEAP-16470

issues.jboss.org/browse/JBEAP-16471

issues.jboss.org/browse/JBEAP-16473

issues.jboss.org/browse/JBEAP-16580

issues.jboss.org/browse/JBEAP-16622

issues.jboss.org/browse/JBEAP-16632

issues.jboss.org/browse/JBEAP-16633

issues.jboss.org/browse/JBEAP-16670

issues.jboss.org/browse/JBEAP-16709

issues.jboss.org/browse/JBEAP-16717

issues.jboss.org/browse/JBEAP-16720

issues.jboss.org/browse/JBEAP-16781

issues.jboss.org/browse/JBEAP-16860

issues.jboss.org/browse/JBEAP-16881

issues.jboss.org/browse/JBEAP-16882

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

Related for VERACODE:20548