ID

VAR-201902-0360


CVE

CVE-2019-8331


TITLE

Bootstrap Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201902-770

DESCRIPTION

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.

Relevant releases/architectures: RHV-M 4.3 - noarch

3. Bug Fix(es):

* Known moderate severity security vulnerability detected by GitHub on ovirt-web-ui components (BZ#1694032)

4. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update).

Description: Bootstrap style library packaged for setuptools (easy_install) / pip.

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Advisory ID: RHSA-2023:0552-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0552
Issue date: 2023-01-31
CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2017-18214 CVE-2018-14040 CVE-2018-14041 CVE-2018-14042 CVE-2019-8331 CVE-2019-11358 CVE-2020-11022 CVE-2020-11023 CVE-2022-3143 CVE-2022-40149 CVE-2022-40150 CVE-2022-40152 CVE-2022-42003 CVE-2022-42004 CVE-2022-45047 CVE-2022-45693 CVE-2022-46364

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests
1553413 - CVE-2017-18214 nodejs-moment: Regular expression denial of service
1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
1601616 - CVE-2018-14041 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute
1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
1850004 - CVE-2020-11023 jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
2124682 - CVE-2022-3143 wildfly-elytron: possible timing attacks via use of unsafe comparator
2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow
2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos

6. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001
JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001
JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001
JBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7
JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001
JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001
JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001
JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001
JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value
JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001
JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001
JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001
JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002
JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001
JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001
JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003
JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2
JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001
JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 7 Server:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2015-9251
https://access.redhat.com/security/cve/CVE-2016-10735
https://access.redhat.com/security/cve/CVE-2017-18214
https://access.redhat.com/security/cve/CVE-2018-14040
https://access.redhat.com/security/cve/CVE-2018-14041
https://access.redhat.com/security/cve/CVE-2018-14042
https://access.redhat.com/security/cve/CVE-2019-8331
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/cve/CVE-2020-11022
https://access.redhat.com/security/cve/CVE-2020-11023
https://access.redhat.com/security/cve/CVE-2022-3143
https://access.redhat.com/security/cve/CVE-2022-40149
https://access.redhat.com/security/cve/CVE-2022-40150
https://access.redhat.com/security/cve/CVE-2022-40152
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/cve/CVE-2022-45047
https://access.redhat.com/security/cve/CVE-2022-45693
https://access.redhat.com/security/cve/CVE-2022-46364
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

Trust: 1.53

sources: NVD: CVE-2019-8331 // VULHUB: VHN-159766 // VULMON: CVE-2019-8331 // PACKETSTORM: 154812 // PACKETSTORM: 153255 // PACKETSTORM: 170155 // PACKETSTORM: 170821 // PACKETSTORM: 170823

AFFECTED PRODUCTS

vendor: f5, model: big-ip webaccelerator, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 15.0.0

Trust: 1.0

vendor: getbootstrap, model: bootstrap, scope: gte, version: 4.3.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lt, version: 15.1.0

Trust: 1.0

vendor: redhat, model: virtualization manager, scope: eq, version: 4.3

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: getbootstrap, model: bootstrap, scope: lt, version: 3.4.1

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: tenable, model: tenable.sc, scope: lt, version: 5.19.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 13.0.0

Trust: 1.0

vendor: getbootstrap, model: bootstrap, scope: lt, version: 4.3.1

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: lt, version: 13.1.3.4

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lt, version: 12.1.5.1

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lt, version: 14.1.2.5

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 15.0.0

Trust: 1.0

sources: NVD: CVE-2019-8331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8331
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201902-770
value: MEDIUM

Trust: 0.6

VULHUB: VHN-159766
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8331
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8331
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-159766
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8331
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-159766 // VULMON: CVE-2019-8331 // CNNVD: CNNVD-201902-770 // NVD: CVE-2019-8331

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

sources: VULHUB: VHN-159766 // NVD: CVE-2019-8331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-770

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 170155 // CNNVD: CNNVD-201902-770

PATCH

title: Bootstrap Fixes for cross-site scripting vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=89568

Trust: 0.6

title: Red Hat: Moderate: Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228848 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: ovirt-web-ui security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193024 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: Red Hat OpenStack 16.1.9 (python-XStatic-Bootstrap-SCSS) security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228865 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: python-XStatic-Bootstrap-SCSS security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205571 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: ovirt-engine-ui-extensions security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193023 - Security Advisory

Trust: 0.1

title: Red Hat: CVE-2019-8331
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-8331

Trust: 0.1

title: IBM: IBM Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Bootstrap (CVE-2019-8331)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2caa270c4d58ec92fdaa81e47c7433a3

Trust: 0.1

title: Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203247 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204670 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: ipa security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203936 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: Red Hat Single Sign-On 7.3.2 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191456 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204847 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat Fuse 7.11.1 release and security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228652 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230554 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230556 - Security Advisory

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1519
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1519

Trust: 0.1

title: IBM: Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=06c81cfb59e5c7353b49e490f4b9142c

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0bf006d622ea4a9435b282864e760566

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c47c09015d1429df4a71453000607351

Trust: 0.1

title: Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-14

Trust: 0.1

title: -
url: https://github.com/Snorlyd/https-nj.gov---CVE-2019-8331

Trust: 0.1

title: -
url: https://github.com/Thampakon/CVE-2019-8331

Trust: 0.1

sources: VULMON: CVE-2019-8331 // CNNVD: CNNVD-201902-770

EXTERNAL IDS

db: NVD, id: CVE-2019-8331

Trust: 2.3

db: PACKETSTORM, id: 156743

Trust: 1.7

db: BID, id: 107375

Trust: 1.7

db: TENABLE, id: TNS-2021-14

Trust: 1.7

db: PACKETSTORM, id: 170823

Trust: 0.8

db: PACKETSTORM, id: 170821

Trust: 0.8

db: PACKETSTORM, id: 170155

Trust: 0.8

db: PACKETSTORM, id: 159852

Trust: 0.7

db: PACKETSTORM, id: 159353

Trust: 0.7

db: PACKETSTORM, id: 160568

Trust: 0.7

db: PACKETSTORM, id: 170042

Trust: 0.7

db: PACKETSTORM, id: 158750

Trust: 0.7

db: PACKETSTORM, id: 170154

Trust: 0.7

db: CNNVD, id: CNNVD-201902-770

Trust: 0.7

db: PACKETSTORM, id: 154812

Trust: 0.7

db: AUSCERT, id: ESB-2020.2694

Trust: 0.6

db: AUSCERT, id: ESB-2022.6177

Trust: 0.6

db: AUSCERT, id: ESB-2020.4453

Trust: 0.6

db: AUSCERT, id: ESB-2023.3839

Trust: 0.6

db: AUSCERT, id: ESB-2019.1251.2

Trust: 0.6

db: AUSCERT, id: ESB-2020.3875

Trust: 0.6

db: AUSCERT, id: ESB-2019.3808

Trust: 0.6

db: AUSCERT, id: ESB-2022.0824

Trust: 0.6

db: AUSCERT, id: ESB-2023.0585

Trust: 0.6

db: AUSCERT, id: ESB-2023.0583

Trust: 0.6

db: AUSCERT, id: ESB-2019.1171

Trust: 0.6

db: AUSCERT, id: ESB-2021.2515

Trust: 0.6

db: AUSCERT, id: ESB-2019.2074

Trust: 0.6

db: AUSCERT, id: ESB-2020.3368

Trust: 0.6

db: AUSCERT, id: ESB-2020.3902

Trust: 0.6

db: CS-HELP, id: SB2022022516

Trust: 0.6

db: CS-HELP, id: SB2021072292

Trust: 0.6

db: PACKETSTORM, id: 159876

Trust: 0.1

db: PACKETSTORM, id: 170819

Trust: 0.1

db: PACKETSTORM, id: 170817

Trust: 0.1

db: VULHUB, id: VHN-159766

Trust: 0.1

db: VULMON, id: CVE-2019-8331

Trust: 0.1

db: PACKETSTORM, id: 153255

Trust: 0.1

sources: VULHUB: VHN-159766 // VULMON: CVE-2019-8331 // PACKETSTORM: 154812 // PACKETSTORM: 153255 // PACKETSTORM: 170155 // PACKETSTORM: 170821 // PACKETSTORM: 170823 // CNNVD: CNNVD-201902-770 // NVD: CVE-2019-8331

REFERENCES

url:https://access.redhat.com/errata/rhsa-2019:1456

Trust: 2.4

url:http://www.securityfocus.com/bid/107375

Trust: 2.3

url:http://packetstormsecurity.com/files/156743/octobercms-insecure-dependencies.html

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2019:3023

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2019:3024

Trust: 1.8

url:https://seclists.org/bugtraq/2019/may/18

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-14

Trust: 1.7

url:https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/

Trust: 1.7

url:https://support.f5.com/csp/article/k24383845

Trust: 1.7

url:http://seclists.org/fulldisclosure/2019/may/13

Trust: 1.7

url:http://seclists.org/fulldisclosure/2019/may/11

Trust: 1.7

url:http://seclists.org/fulldisclosure/2019/may/10

Trust: 1.7

url:https://github.com/twbs/bootstrap/pull/28236

Trust: 1.7

url:https://github.com/twbs/bootstrap/releases/tag/v3.4.1

Trust: 1.7

url:https://github.com/twbs/bootstrap/releases/tag/v4.3.1

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-8331

Trust: 1.1

url:https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3cdev.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3cuser.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3cuser.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3cdev.superset.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3cuser.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3cissues.hbase.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3cdev.flink.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3cuser.flink.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3cuser.flink.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3cuser.flink.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3cissues.hbase.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3ccommits.pulsar.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3cdev.superset.apache.org%3e

Trust: 0.7

url:https://support.f5.com/csp/article/k24383845?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:https://github.com/twbs/bootstrap/releases/tag/v4.3.1 (release notes; third party advisory)

Trust: 0.6

url:http://www.ibm.com/support/docview.wss

Trust: 0.6

url:https://packetstormsecurity.com/files/159353/red-hat-security-advisory-2020-3936-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78918

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2515

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022516

Trust: 0.6

url:https://packetstormsecurity.com/files/158750/red-hat-security-advisory-2020-3247-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/170155/red-hat-security-advisory-2022-8848-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3839

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6177

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1251.2/

Trust: 0.6

url:https://packetstormsecurity.com/files/154812/red-hat-security-advisory-2019-3024-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-oss-scan-fixes-for-content-pos/

Trust: 0.6

url:https://packetstormsecurity.com/files/160568/red-hat-security-advisory-2020-5571-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3875/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520510

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072292

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10879483

Trust: 0.6

url:https://packetstormsecurity.com/files/170042/red-hat-security-advisory-2022-8652-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3902/

Trust: 0.6

url:https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0585

Trust: 0.6

url:https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-information-queue-uses-components-with-known-vulnerabilities-cve-2019-8331-cve-2019-11358/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3808/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2694/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4453/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0583

Trust: 0.6

url:https://packetstormsecurity.com/files/170154/red-hat-security-advisory-2022-8865-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78550

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2074/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0824

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3368/

Trust: 0.6

url:https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html

Trust: 0.6

url:https://bugzilla.redhat.com/

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-8331

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-11358

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11358

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-14041

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-14041

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-10735

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-10735

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14040

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-40150

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14040

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-3143

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14042

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-9251

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-40150

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-45047

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-18214

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-40152

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-40149

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-40149

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-40152

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-9251

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-18214

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-45693

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-46364

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14042

Trust: 0.2

url:https://issues.jboss.org/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3143

Trust: 0.2

url:https://access.redhat.com/articles/2974891

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10744

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10744

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3875

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10157

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3873

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3888

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3875

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3888

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.3

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10157

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20676

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3872

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3872

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20676

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20677

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3873

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20677

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8848

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0552

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0553

Trust: 0.1

sources: VULHUB: VHN-159766 // PACKETSTORM: 154812 // PACKETSTORM: 153255 // PACKETSTORM: 170155 // PACKETSTORM: 170821 // PACKETSTORM: 170823 // CNNVD: CNNVD-201902-770 // NVD: CVE-2019-8331

CREDITS

Red Hat, The vendor reported this issue., SECURELI.com

Trust: 0.6

sources: CNNVD: CNNVD-201902-770

SOURCES

db:VULHUB id:VHN-159766
db:VULMON id:CVE-2019-8331
db:PACKETSTORM id:154812
db:PACKETSTORM id:153255
db:PACKETSTORM id:170155
db:PACKETSTORM id:170821
db:PACKETSTORM id:170823
db:CNNVD id:CNNVD-201902-770
db:NVD id:CVE-2019-8331

LAST UPDATE DATE

2024-11-11T20:33:38.805000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-159766 date:2019-06-11T00:00:00
db:VULMON id:CVE-2019-8331 date:2023-11-07T00:00:00
db:CNNVD id:CNNVD-201902-770 date:2023-07-10T00:00:00
db:NVD id:CVE-2019-8331 date:2023-11-07T03:13:28.950

SOURCES RELEASE DATE

db:VULHUB id:VHN-159766 date:2019-02-20T00:00:00
db:VULMON id:CVE-2019-8331 date:2019-02-20T00:00:00
db:PACKETSTORM id:154812 date:2019-10-11T15:03:31
db:PACKETSTORM id:153255 date:2019-06-11T10:33:22
db:PACKETSTORM id:170155 date:2022-12-08T16:28:14
db:PACKETSTORM id:170821 date:2023-01-31T17:21:40
db:PACKETSTORM id:170823 date:2023-01-31T17:26:38
db:CNNVD id:CNNVD-201902-770 date:2019-02-20T00:00:00
db:NVD id:CVE-2019-8331 date:2019-02-20T16:29:00.837