CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html	Broken Link
http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/	Release Notes Vendor Advisory
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77	Patch Third Party Advisory
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2	Mitigation Third Party Advisory
https://jquery.com/upgrade-guide/3.5/	Mitigation Vendor Advisory
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
https://security.gentoo.org/glsa/202007-03	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200511-0006/	Third Party Advisory
https://www.debian.org/security/2020/dsa-4693	Third Party Advisory
https://www.drupal.org/sa-core-2020-002	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://www.tenable.com/security/tns-2020-10	Third Party Advisory
https://www.tenable.com/security/tns-2020-11	Third Party Advisory
https://www.tenable.com/security/tns-2021-02	Third Party Advisory
https://www.tenable.com/security/tns-2021-10	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.3:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:20.1:::::::*
	cpe:2.3:a:oracle:blockchain_platform::::::::
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\:::::::::
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_data_foundation::::::::
	cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority::::::::
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
	cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
	cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony::::::::
	cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
cpe:2.3:a:oracle:insurance_data_foundation::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:storagetek_acsls:8.5.1:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:netapp:max_data:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_system_manager::::::::
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 15 (hide)

OR	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

Configuration 16 (hide)

cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*

Configuration 17 (hide)

OR	cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:banking_digital_experience::::::::
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\:::::::::
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_data_foundation::::::::
	cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority::::::::
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
	cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
	cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:::::::*
	cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
	cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
	cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
	cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:::::::*
	cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
	cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

History

07 Nov 2023, 03:14

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/', 'name': 'FEDORA-2020-11be4b36d4', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/', 'name': 'FEDORA-2020-fbb94073a1', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E', 'name': '[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/', 'name': 'FEDORA-2020-36d2db5f51', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/', 'name': 'FEDORA-2020-0b32a59b54', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/', 'name': 'FEDORA-2020-fe94df8c34', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E', 'name': '[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/ - () https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/ - () https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/ - () https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/ - () https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E -

31 Aug 2023, 03:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html -

Information

Published : 2020-04-29 22:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-11022

Mitre link : CVE-2020-11022

CVE.ORG link : CVE-2020-11022

JSON object : View

Products Affected

netapp

h500s
h700s_firmware
h300e_firmware
h300e
h500s_firmware
snap_creator_framework
h410c
h700e
oncommand_system_manager
h410s_firmware
h300s_firmware
h410c_firmware
h700s
snapcenter
h410s
oncommand_insight
h300s
h500e
h700e_firmware
max_data
h500e_firmware

oracle

jdeveloper
financial_services_data_integration_hub
financial_services_analytical_applications_reconciliation_framework
policy_automation_for_mobile_devices
financial_services_funds_transfer_pricing
retail_returns_management
financial_services_regulatory_reporting_for_european_banking_authority
communications_billing_and_revenue_management
insurance_data_foundation
weblogic_server
banking_digital_experience
communications_diameter_signaling_router_idih\
financial_services_liquidity_risk_management
insurance_accounting_analyzer
financial_services_price_creation_and_discovery
financial_services_loan_loss_forecasting_and_provisioning
financial_services_balance_sheet_planning
enterprise_manager_ops_center
healthcare_foundation
siebel_ui_framework
hospitality_materials_control
financial_services_hedge_management_and_ifrs_valuations
enterprise_session_border_controller
policy_automation
financial_services_liquidity_risk_measurement_and_management
communications_webrtc_session_controller
financial_services_basel_regulatory_capital_basic
agile_product_lifecycle_management_for_process
retail_customer_management_and_segmentation_foundation
peoplesoft_enterprise_peopletools
hospitality_simphony
communications_application_session_controller
storagetek_acsls
insurance_insbridge_rating_and_underwriting
financial_services_regulatory_reporting_for_us_federal_reserve
agile_product_supplier_collaboration_for_process
application_testing_suite
blockchain_platform
financial_services_profitability_management
financial_services_analytical_applications_infrastructure
financial_services_market_risk_measurement_and_management
financial_services_basel_regulatory_capital_internal_ratings_based_approach
communications_eagle_application_processor
communications_services_gatekeeper
retail_back_office
insurance_allocation_manager_for_enterprise_profitability
policy_automation_connector_for_siebel
financial_services_institutional_performance_analytics
financial_services_asset_liability_management
financial_services_data_foundation
financial_services_data_governance_for_us_regulatory_reporting

drupal

drupal

debian

debian_linux

opensuse

leap

fedoraproject

fedora

tenable

log_correlation_engine

jquery

jquery

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-11022

6.1^/10

4.3^/10

Attach tags to `CVE-2020-11022`