6.1

CVE-2019-17091

Exploit
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EclipseMojarra Version >= 2.3.0 < 2.3.10
OracleMojarra Javaserver Faces Version >= 2.2.0 < 2.2.20
OracleApplication Testing Suite Version13.2.0.1
OracleApplication Testing Suite Version13.3.0.1
OracleCommunications Diameter Signaling Router Version >= 8.0.0.0 <= 8.4.0.5
OracleEnterprise Data Quality Version12.2.1.3.0
OraclePrimavera P6 Enterprise Project Portfolio Management Version >= 15.1.0.0 <= 15.2.18.7
OraclePrimavera P6 Enterprise Project Portfolio Management Version >= 16.1.0.0 <= 16.2.19.0
OraclePrimavera P6 Enterprise Project Portfolio Management Version >= 17.1.0.0 <= 17.12.15.0
OraclePrimavera P6 Enterprise Project Portfolio Management Version >= 18.1.0.0 <= 18.8.15.0
OracleRapid Planning Version12.1
OracleRapid Planning Version12.2
OracleRetail Bulk Data Integration Version16.0.3.0
OracleRetail Integration Bus Version15.0
OracleRetail Integration Bus Version16.0
OracleSecure Global Desktop Version5.4
OracleSecure Global Desktop Version5.5
OracleTime And Labor Version >= 12.2.6 <= 12.2.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.47% 0.824
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.oracle.com/security-alerts/cpujan2020.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Patch
Third Party Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244
Patch
Vendor Advisory
Exploit
Issue Tracking
https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee
Patch
Third Party Advisory
https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f
Patch
Third Party Advisory
https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE
Third Party Advisory
Release Notes
https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt
Third Party Advisory
Exploit
https://github.com/eclipse-ee4j/mojarra/issues/4556
Third Party Advisory
https://github.com/eclipse-ee4j/mojarra/pull/4567
Patch
Third Party Advisory
https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe
Patch
Third Party Advisory
https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4
Patch
Third Party Advisory
https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20
Patch
Third Party Advisory