CVE-2019-17091

{"id": "CVE-2019-17091", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-10-02T14:15:12.600", "references": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/eclipse-ee4j/mojarra/issues/4556", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/eclipse-ee4j/mojarra/pull/4567", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled."}, {"lang": "es", "value": "El archivo faces/context/PartialViewContextImpl.java en Eclipse Mojarra, como es usado en Mojarra para Eclipse EE4J versiones anteriores a 2.3.10 y Mojarra JavaServer Faces versiones anteriores a 2.2.20, permite un ataque de tipo XSS Reflejado porque un campo client window es manejado inapropiadamente."}], "lastModified": "2022-04-06T18:00:47.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF187C4C-1F1D-4C85-AD4F-B1583FE38E55", "versionEndExcluding": "2.3.10", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:oracle:mojarra_javaserver_faces:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1802D8E3-E0CB-40AB-A326-D86676EBAE75", "versionEndExcluding": "2.2.20", "versionStartIncluding": "2.2.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AED3C78-7D65-4F02-820D-B51BCE4022F9"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "557A23A1-4762-4D29-A478-D1670C1847D3"}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1", "versionEndIncluding": "8.4.0.5", "versionStartIncluding": "8.0.0.0"}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B"}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3"}, {"criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36CF85A9-2C29-46E7-961E-8ADD0B5822CF"}, {"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5"}, {"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E76102AD-1FFE-4E47-A616-F38382C67344"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EE28E34-1D55-42ED-88F2-B2A0C954E298", "versionEndIncluding": "15.2.18.7", "versionStartIncluding": "15.1.0.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2549AF5-E459-46EC-BC20-F5F7A2199802", "versionEndIncluding": "16.2.19.0", "versionStartIncluding": "16.1.0.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D701969-8B0B-40A9-8992-C383FD8B1F7C", "versionEndIncluding": "17.12.15.0", "versionStartIncluding": "17.1.0.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87D6640E-3A12-4B4F-B5D7-AC1427B05B20", "versionEndIncluding": "18.8.15.0", "versionStartIncluding": "18.1.0.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F18C399-058C-427C-878C-5AAFE9EE31D0"}, {"criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3"}, {"criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B"}, {"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B"}, {"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43DA1635-08DA-434D-AA39-20D117468B5A"}, {"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04"}, {"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4"}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B"}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6"}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D939BB4-9D34-43A4-A19C-1CC90DB748FD"}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46525CA6-4226-4F6F-B899-D800D4DDE0B5"}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE"}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA"}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54"}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE"}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C"}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1"}, {"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2"}, {"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2B933E8-DBC4-4443-B837-BA8BAF8CC249"}, {"criteria": "cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A74710-0E0F-4123-A64C-0684824D13CA", "versionEndIncluding": "12.2.11", "versionStartIncluding": "12.2.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}