CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS v3 6.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html	Broken Link
http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/	Release Notes Vendor Advisory
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77	Patch Third Party Advisory
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2	Mitigation Third Party Advisory
https://jquery.com/upgrade-guide/3.5/	Mitigation Vendor Advisory
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
https://security.gentoo.org/glsa/202007-03	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200511-0006/	Third Party Advisory
https://www.debian.org/security/2020/dsa-4693	Third Party Advisory
https://www.drupal.org/sa-core-2020-002	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://www.tenable.com/security/tns-2020-10	Third Party Advisory
https://www.tenable.com/security/tns-2020-11	Third Party Advisory
https://www.tenable.com/security/tns-2021-02	Third Party Advisory
https://www.tenable.com/security/tns-2021-10	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html	Broken Link
http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/	Release Notes Vendor Advisory
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77	Patch Third Party Advisory
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2	Mitigation Third Party Advisory
https://jquery.com/upgrade-guide/3.5/	Mitigation Vendor Advisory
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
https://security.gentoo.org/glsa/202007-03	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200511-0006/	Third Party Advisory
https://www.debian.org/security/2020/dsa-4693	Third Party Advisory
https://www.drupal.org/sa-core-2020-002	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://www.tenable.com/security/tns-2020-10	Third Party Advisory
https://www.tenable.com/security/tns-2020-11	Third Party Advisory
https://www.tenable.com/security/tns-2021-02	Third Party Advisory
https://www.tenable.com/security/tns-2021-10	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.3:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:20.1:::::::*
	cpe:2.3:a:oracle:blockchain_platform::::::::
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\:::::::::
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_data_foundation::::::::
	cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority::::::::
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
	cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
	cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony::::::::
	cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
cpe:2.3:a:oracle:insurance_data_foundation::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:storagetek_acsls:8.5.1:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:netapp:max_data:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_system_manager::::::::
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 15 (hide)

OR	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

Configuration 16 (hide)

cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*

Configuration 17 (hide)

OR	cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:banking_digital_experience::::::::
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\:::::::::
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_data_foundation::::::::
	cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority::::::::
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
	cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
	cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:::::::*
	cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
	cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
	cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
	cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:::::::*
	cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
	cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

History

21 Nov 2024, 04:56

07 Nov 2023, 03:14

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/', 'name': 'FEDORA-2020-11be4b36d4', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/', 'name': 'FEDORA-2020-fbb94073a1', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E', 'name': '[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/', 'name': 'FEDORA-2020-36d2db5f51', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/', 'name': 'FEDORA-2020-0b32a59b54', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/', 'name': 'FEDORA-2020-fe94df8c34', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E', 'name': '[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E', 'name': '[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/ - () https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/ - () https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/ - () https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E - () https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/ - () https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E -

31 Aug 2023, 03:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html -

Information

Published : 2020-04-29 22:15

Updated : 2024-11-21 04:56

NVD link : CVE-2020-11022

Mitre link : CVE-2020-11022

CVE.ORG link : CVE-2020-11022

JSON object : View

Products Affected

oracle

financial_services_analytical_applications_infrastructure
peoplesoft_enterprise_peopletools
policy_automation_connector_for_siebel
healthcare_foundation
hospitality_simphony
agile_product_lifecycle_management_for_process
policy_automation_for_mobile_devices
insurance_insbridge_rating_and_underwriting
financial_services_price_creation_and_discovery
financial_services_analytical_applications_reconciliation_framework
insurance_allocation_manager_for_enterprise_profitability
banking_digital_experience
insurance_accounting_analyzer
retail_customer_management_and_segmentation_foundation
communications_eagle_application_processor
communications_diameter_signaling_router_idih\
application_testing_suite
financial_services_basel_regulatory_capital_internal_ratings_based_approach
financial_services_funds_transfer_pricing
financial_services_market_risk_measurement_and_management
insurance_data_foundation
hospitality_materials_control
financial_services_institutional_performance_analytics
financial_services_asset_liability_management
enterprise_session_border_controller
financial_services_data_integration_hub
communications_billing_and_revenue_management
jdeveloper
financial_services_profitability_management
communications_application_session_controller
financial_services_liquidity_risk_measurement_and_management
financial_services_loan_loss_forecasting_and_provisioning
siebel_ui_framework
financial_services_data_foundation
communications_webrtc_session_controller
agile_product_supplier_collaboration_for_process
blockchain_platform
enterprise_manager_ops_center
policy_automation
retail_returns_management
communications_services_gatekeeper
financial_services_basel_regulatory_capital_basic
financial_services_regulatory_reporting_for_european_banking_authority
weblogic_server
financial_services_regulatory_reporting_for_us_federal_reserve
retail_back_office
financial_services_balance_sheet_planning
financial_services_data_governance_for_us_regulatory_reporting
financial_services_hedge_management_and_ifrs_valuations
financial_services_liquidity_risk_management
storagetek_acsls

netapp

h300s_firmware
h410s_firmware
max_data
oncommand_insight
h410c_firmware
oncommand_system_manager
h410c
h300s
h700s
h410s
h500s_firmware
h500e
h300e
snap_creator_framework
snapcenter
h500s
h700s_firmware
h700e_firmware
h500e_firmware
h300e_firmware
h700e

opensuse

leap

tenable

log_correlation_engine

jquery

jquery

fedoraproject

fedora

drupal

drupal

debian

debian_linux

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-11022

6.9^/10

4.3^/10

Attach tags to `CVE-2020-11022`