Details of VAR-202004-2191

ID

VAR-202004-2191

CVE

CVE-2020-11022

TITLE

jQuery Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202004-2429

DESCRIPTION

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions 1.2 through 3.5.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4847-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4847 Issue date: 2020-11-03 CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2019-8331 CVE-2019-10146 CVE-2019-10179 CVE-2019-10221 CVE-2019-11358 CVE-2020-1721 CVE-2020-11022 CVE-2020-11023 CVE-2020-15720 ==================================================================== 1. Summary: An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) * bootstrap: XSS in the data-target attribute (CVE-2016-10735) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * pki: Dogtag's python client does not validate certificates (CVE-2020-15720) * pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146) * pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179) * pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221) * pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1376706 - restore SerialNumber tag in caManualRenewal xml 1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1406505 - KRA ECC installation failed with shared tomcat 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1666907 - CC: Enable AIA OCSP cert checking for entire cert chain 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page 1710171 - CVE-2019-10146 pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page 1721684 - Rebase pki-servlet-engine to 9.0.30 1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. 1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page 1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp 1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server 1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI 1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak 1824939 - JSS: add RSA PSS support - RHEL 8.3 1824948 - add RSA PSS support - RHEL 8.3 1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab [rhel-8] 1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-8] 1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password 1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired="true" but no secret 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException 1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing 1855273 - CVE-2020-15720 pki: Dogtag's python client does not validate certificates 1855319 - Not able to launch pkiconsole 1856368 - kra-key-generate request is failing 1857933 - CA Installation is failing with ncipher v12.30 HSM 1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request 1869893 - Common certificates are missing in CS.cfg on shared PKI instance 1871064 - replica install failing during pki-ca component configuration 1873235 - pki ca-user-cert-add with secure port failed with 'SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT' 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: apache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c.src.rpm apache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c.src.rpm apache-commons-net-3.6-3.module+el8.3.0+6805+72837426.src.rpm bea-stax-1.2.0-16.module+el8.1.0+3366+6dfb954c.src.rpm glassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c.src.rpm glassfish-jaxb-2.2.11-11.module+el8.1.0+3366+6dfb954c.src.rpm glassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c.src.rpm jackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25.src.rpm jackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25.src.rpm jackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25.src.rpm jackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d.src.rpm jackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c.src.rpm jakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c.src.rpm javassist-3.18.1-8.module+el8.1.0+3366+6dfb954c.src.rpm jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.src.rpm ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.src.rpm pki-core-10.9.4-1.module+el8.3.0+8058+d5cd4219.src.rpm pki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254.src.rpm python-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.src.rpm relaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c.src.rpm resteasy-3.0.26-3.module+el8.2.0+5723+4574fbff.src.rpm slf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c.src.rpm stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff.src.rpm tomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.src.rpm velocity-1.7-24.module+el8.1.0+3366+6dfb954c.src.rpm xalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c.src.rpm xerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c.src.rpm xml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c.src.rpm xml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c.src.rpm xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff.src.rpm xsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src.rpm aarch64: jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm python3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm noarch: apache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch.rpm apache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c.noarch.rpm apache-commons-net-3.6-3.module+el8.3.0+6805+72837426.noarch.rpm bea-stax-api-1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch.rpm glassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch.rpm glassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch.rpm glassfish-jaxb-core-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpm glassfish-jaxb-runtime-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpm glassfish-jaxb-txw2-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpm jackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpm jackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpm jackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpm jackson-jaxrs-json-provider-2.9.9-1.module+el8.1.0+3832+9784644d.noarch.rpm jackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d.noarch.rpm jackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch.rpm jakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c.noarch.rpm javassist-3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch.rpm javassist-javadoc-3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch.rpm ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm pki-base-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm pki-base-java-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm pki-ca-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm pki-kra-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm pki-server-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm pki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm python3-pki-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm relaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c.noarch.rpm resteasy-3.0.26-3.module+el8.2.0+5723+4574fbff.noarch.rpm slf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch.rpm slf4j-jdk14-1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch.rpm stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff.noarch.rpm tomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch.rpm velocity-1.7-24.module+el8.1.0+3366+6dfb954c.noarch.rpm xalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch.rpm xerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch.rpm xml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch.rpm xml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c.noarch.rpm xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff.noarch.rpm xsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch.rpm ppc64le: jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm python3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm s390x: jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm python3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm x86_64: jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm python3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-9251 https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-10146 https://access.redhat.com/security/cve/CVE-2019-10179 https://access.redhat.com/security/cve/CVE-2019-10221 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-1721 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2020-15720 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX6I3GNzjgjWX9erEAQiK8w//dJasljC8LcJheQtDfUXL+EG52rGjpyxU B5iSYariTDhQOFRt22udOjbdBaISRD77ozLdz0LusA1NBtR3hQ49ryIWyMUxLNsi 46FLY44YxMY7uofZJExUJoEkN39CYwXqIOaaGnZ8mkn4QVdoKG+UBvBL3gKcE3uk h+PWQaasCHL96ZuLz5OB1ya0StcgVcnIDOJleP0f4TGI8w5LKSj1bdJz2fD1H+JP iBa3QVedFanQpWVqCAjaw2lH+fQUB4F936XltKsqCKD9uaX1A2m+xAMZ8wuHcCUl Nudj4LwT06xGd36tyQVh+0ZolB7aKmErYNicv25VNz1c/QlmXCiBJi3Y62/a7La0 t8bGYPE01RTI1YvLs8c+Bw0SH+NcGPGtLw9Vd8w9hFYed7JUP6Iv9v/lSfbiUXDD R5gcEJPQtN2pRsqZaCmQCY2i9aNwjmyZ3wggmXJ4DtEy5adTmAmTL/Alf8kx1rfC UjfeBWVQ01QMIcwNCZM9ly6au06fioPjHhusCFPqPWnGCoT6mysF//ZOhLemUQci ecbYX+JbbUnbyWQPVIBhV/Zj4D6SqNtY5rciorwTedC8n2zX/8ORTCn1PZz8Oc1S ebaoJI0TA2DuiUtPkKz1REcD8rnSCxPIhCYWfb4nIXKGjBINW8ueyG27VPprkSOh +Ybici9RaUE=VLtX -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001 7. Description: Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of nginx to address CVE-2019-20372 * Upgraded to a more recent version of autobahn to address CVE-2020-35678 * Upgraded to a more recent version of jquery to address CVE-2020-11022 and CVE-2020-11023 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). Bugs fixed (https://bugzilla.redhat.com/): 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1790759 - CVE-2020-1694 keycloak: verify-token-audience support is missing in the NodeJS adapter 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1836786 - CVE-2020-10748 keycloak: top-level navigations to data URLs resulting in XSS are possible (incomplete fix of CVE-2020-1697) 1850004 - CVE-2020-11023 jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 5

Trust: 1.71

sources: NVD: CVE-2020-11022 // VULHUB: VHN-163559 // VULMON: CVE-2020-11022 // PACKETSTORM: 159852 // PACKETSTORM: 171213 // PACKETSTORM: 171211 // PACKETSTORM: 170821 // PACKETSTORM: 170823 // PACKETSTORM: 161727 // PACKETSTORM: 158282

AFFECTED PRODUCTS

vendor:	oracle	model:	jdeveloper	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	financial services data foundation	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6.0.0	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	eq	version:	19.1.0-19.1.2	Trust: 1.0
vendor:	oracle	model:	financial services market risk measurement and management	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.7.0	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk measurement and management	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	h300s	scope:	eq	version:	-	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	8.7.14	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications reconciliation framework	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	hospitality materials control	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	lte	version:	19.1.2	Trust: 1.0
vendor:	oracle	model:	financial services data governance for us regulatory reporting	scope:	lte	version:	8.0.9	Trust: 1.0
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.4.6	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications reconciliation framework	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital basic	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	enterprise session border controller	scope:	eq	version:	8.4	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services profitability management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	retail back office	scope:	eq	version:	14.0	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.8.0	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	insurance data foundation	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	20.1	Trust: 1.0
vendor:	oracle	model:	insurance allocation manager for enterprise profitability	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications reconciliation framework	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk measurement and management	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	insurance accounting analyzer	scope:	eq	version:	8.0.9	Trust: 1.0
vendor:	oracle	model:	financial services loan loss forecasting and provisioning	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services funds transfer pricing	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	insurance data foundation	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	agile product lifecycle management for process	scope:	eq	version:	6.2.0.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.58	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.2	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	gte	version:	1.2	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital basic	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services data governance for us regulatory reporting	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services profitability management	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	7.0	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	lt	version:	21.1.2	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	8.8.6	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router idih\:	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	financial services loan loss forecasting and provisioning	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	insurance insbridge rating and underwriting	scope:	gte	version:	5.0.0.0	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for european banking authority	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	netapp	model:	h300e	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.2	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	oracle	model:	siebel ui framework	scope:	eq	version:	20.8	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	14.1.1.0.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	lte	version:	20.1	Trust: 1.0
vendor:	netapp	model:	h700e	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	netapp	model:	h500s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services funds transfer pricing	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	oracle	model:	policy automation	scope:	lte	version:	12.2.20	Trust: 1.0
vendor:	netapp	model:	oncommand system manager	scope:	gte	version:	3.0	Trust: 1.0
vendor:	oracle	model:	financial services profitability management	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	financial services hedge management and ifrs valuations	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.4.0.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	gte	version:	18.1	Trust: 1.0
vendor:	oracle	model:	policy automation	scope:	gte	version:	12.2.0	Trust: 1.0
vendor:	oracle	model:	financial services asset liability management	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	communications application session controller	scope:	eq	version:	3.8m0	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital internal ratings based approach	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services market risk measurement and management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.3	Trust: 1.0
vendor:	oracle	model:	financial services hedge management and ifrs valuations	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	10.3.6.0.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital internal ratings based approach	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	7.70	Trust: 1.0
vendor:	oracle	model:	insurance insbridge rating and underwriting	scope:	eq	version:	5.6.1.0	Trust: 1.0
vendor:	oracle	model:	financial services balance sheet planning	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	financial services funds transfer pricing	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	retail returns management	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	insurance allocation manager for enterprise profitability	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	financial services asset liability management	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	insurance data foundation	scope:	eq	version:	8.0.6-8.1.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.56	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital basic	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for us federal reserve	scope:	lte	version:	8.0.9	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.57	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.2	Trust: 1.0
vendor:	oracle	model:	communications services gatekeeper	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	financial services data integration hub	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	oracle	model:	insurance insbridge rating and underwriting	scope:	lte	version:	5.6.0.0	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	eq	version:	18.2	Trust: 1.0
vendor:	oracle	model:	financial services data foundation	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	policy automation for mobile devices	scope:	lte	version:	12.2.20	Trust: 1.0
vendor:	oracle	model:	storagetek acsls	scope:	eq	version:	8.5.1	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital internal ratings based approach	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	policy automation for mobile devices	scope:	gte	version:	12.2.0	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	lt	version:	3.5.0	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0.0.0	Trust: 1.0
vendor:	netapp	model:	h500e	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h410s	scope:	eq	version:	-	Trust: 1.0
vendor:	tenable	model:	log correlation engine	scope:	lt	version:	6.0.9	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router idih\:	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	oracle	model:	financial services data integration hub	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	lte	version:	16.4.0	Trust: 1.0
vendor:	oracle	model:	financial services asset liability management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for us federal reserve	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	max data	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for european banking authority	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	11.1.1.9.0	Trust: 1.0
vendor:	oracle	model:	retail returns management	scope:	eq	version:	14.0	Trust: 1.0
vendor:	oracle	model:	financial services loan loss forecasting and provisioning	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	agile product supplier collaboration for process	scope:	eq	version:	6.2.0.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	application testing suite	scope:	eq	version:	13.3.0.1	Trust: 1.0
vendor:	oracle	model:	retail back office	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	gte	version:	19.1.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.1	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.1.3.0.0	Trust: 1.0
vendor:	oracle	model:	communications webrtc session controller	scope:	eq	version:	7.2	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	7.5.0.23.0	Trust: 1.0
vendor:	oracle	model:	financial services hedge management and ifrs valuations	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	financial services data integration hub	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	netapp	model:	h700s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk measurement and management	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	eq	version:	19.0	Trust: 1.0
vendor:	netapp	model:	oncommand system manager	scope:	lte	version:	3.1.3	Trust: 1.0

sources: NVD: CVE-2020-11022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11022
value:	MEDIUM
Trust: 1.0
security-advisories@github.com:	CVE-2020-11022
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202004-2429
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-163559
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-11022
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-11022
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-163559
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-11022
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
security-advisories@github.com:	CVE-2020-11022
baseSeverity:	MEDIUM
baseScore:	6.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	4.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-163559 // VULMON: CVE-2020-11022 // CNNVD: CNNVD-202004-2429 // NVD: CVE-2020-11022 // NVD: CVE-2020-11022

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.1

sources: VULHUB: VHN-163559 // NVD: CVE-2020-11022

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2429

TYPE

code execution, xss

Trust: 0.6

sources: PACKETSTORM: 171213 // PACKETSTORM: 171211 // PACKETSTORM: 170821 // PACKETSTORM: 170823 // PACKETSTORM: 161727 // PACKETSTORM: 158282

PATCH

title:	jQuery Fixes for cross-site scripting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=117510	Trust: 0.6
title:	Red Hat: Moderate: OpenShift Container Platform 3.11 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202217 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4693-1 drupal7 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=978f239ce60a8a08c53eb64ba189d0f6	Trust: 0.1
title:	Red Hat: Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204211 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203807 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Service Mesh security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202362 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205249 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: wordpress: WordPress 5.9.2 security and maintenance release	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e7014c0a68e8d9bc31a54125059176dc	Trust: 0.1
title:	Red Hat: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226393 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: ipa security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203936 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203247 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204670 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202813 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus 8.13.0 Fixes One Third-party Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-10	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=0c6e8f969487f201b1d56f59bd98f443	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=e57a04f097f54c762da82263eadc1b8a	Trust: 0.1
title:	Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204847 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-02	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230556 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230554 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-11	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1519	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1519	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-130	Trust: 0.1
title:	Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-10	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231049 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231045 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231043 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231044 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231047 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory	Trust: 0.1
title:	Geolocation Playground	url:	https://github.com/blaufish/geo	Trust: 0.1
title:	https-nj.gov---CVE-2020-11022 RECOMMENDATION REFERENCES	url:	https://github.com/Snorlyd/https-nj.gov---CVE-2020-11022	Trust: 0.1
title:	https-nj.gov---CVE-2020-11022 RECOMMENDATION REFERENCES	url:	https://github.com/korestreet/https-nj.gov---CVE-2020-11022	Trust: 0.1
title:	AlmostSignificant	url:	https://github.com/bartongroup/AlmostSignificant	Trust: 0.1
title:	Bagel Patch Website TO DO:	url:	https://github.com/corey-schneider/bagel-shop	Trust: 0.1
title:	JS_Encoder	url:	https://github.com/AssassinUKG/JS_Encoder	Trust: 0.1
title:	XSSPlayground What is XSS?	url:	https://github.com/AssassinUKG/XSSPlayground	Trust: 0.1
title:	jQuery XSS	url:	https://github.com/EmptyHeart5292/jQuery-XSS	Trust: 0.1
title:	https://github.com/DanielRuf/snyk-js-jquery-565129	url:	https://github.com/DanielRuf/snyk-js-jquery-565129	Trust: 0.1
title:	CVE-2020-11022 CVE-2020-11023	url:	https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023	Trust: 0.1
title:	Strings_Attached User Experience Development Process Testing Bugs Libraries and Programs Used Deployment Credits Acknowledgements	url:	https://github.com/johnrearden/strings_attached	Trust: 0.1
title:	CVEcrystalyer	url:	https://github.com/captcha-n00b/CVEcrystalyer	Trust: 0.1
title:	CVE Sandbox :: jQuery	url:	https://github.com/cve-sandbox/jquery	Trust: 0.1
title:	jQuery — New Wave JavaScript	url:	https://github.com/spurreiter/jquery	Trust: 0.1
title:	Github Repository Security Alerts	url:	https://github.com/elifesciences/github-repo-security-alerts	Trust: 0.1
title:	Case Study	url:	https://github.com/faizhaffizudin/Case-Study-Hamsa	Trust: 0.1
title:	Retire HTML Parser	url:	https://github.com/marksowell/retire-html-parser	Trust: 0.1
title:	https://github.com/octane23/CASE-STUDY-1	url:	https://github.com/octane23/CASE-STUDY-1	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/ArrestX/--POC	Trust: 0.1
title:	Normal-POC	url:	https://github.com/Miraitowa70/POC-Notes	Trust: 0.1
title:	Normal-POC	url:	https://github.com/Miraitowa70/Pentest-Notes	Trust: 0.1
title:	Vulnerability	url:	https://github.com/tzwlhack/Vulnerability	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/KayCHENvip/vulnerability-poc	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/Threekiii/Awesome-POC	Trust: 0.1
title:	欢迎关注阿尔法实验室微信公众号	url:	https://github.com/alphaSeclab/sec-daily-2020	Trust: 0.1
title:	SecBooks SecBooks目录	url:	https://github.com/SexyBeast233/SecBooks	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/soosmile/POC	Trust: 0.1

sources: VULMON: CVE-2020-11022 // CNNVD: CNNVD-202004-2429

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11022	Trust: 2.5
db:	PACKETSTORM	id:	162159	Trust: 1.8
db:	TENABLE	id:	TNS-2021-02	Trust: 1.8
db:	TENABLE	id:	TNS-2020-10	Trust: 1.8
db:	TENABLE	id:	TNS-2020-11	Trust: 1.8
db:	TENABLE	id:	TNS-2021-10	Trust: 1.8
db:	PACKETSTORM	id:	170823	Trust: 0.8
db:	PACKETSTORM	id:	159852	Trust: 0.8
db:	PACKETSTORM	id:	170821	Trust: 0.8
db:	PACKETSTORM	id:	161727	Trust: 0.8
db:	PACKETSTORM	id:	160274	Trust: 0.7
db:	PACKETSTORM	id:	159275	Trust: 0.7
db:	PACKETSTORM	id:	159353	Trust: 0.7
db:	PACKETSTORM	id:	168304	Trust: 0.7
db:	PACKETSTORM	id:	158750	Trust: 0.7
db:	PACKETSTORM	id:	159513	Trust: 0.7
db:	PACKETSTORM	id:	157850	Trust: 0.7
db:	PACKETSTORM	id:	158555	Trust: 0.7
db:	CNNVD	id:	CNNVD-202004-2429	Trust: 0.7
db:	PACKETSTORM	id:	158282	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2694	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0620	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0845	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4248	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3700	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2775	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1066	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2287	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1916	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3485	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0909	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1961	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.0583	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3902	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3368	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.0585	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2515	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1880	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1863	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1519	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0824	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2375	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0465	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3255	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2966	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5150	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2525	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1804	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3875	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2660	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1925	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1512	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2660.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3028	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.1653	Trust: 0.6
db:	CS-HELP	id:	SB2022071412	Trust: 0.6
db:	CS-HELP	id:	SB2021042543	Trust: 0.6
db:	CS-HELP	id:	SB2022072094	Trust: 0.6
db:	CS-HELP	id:	SB2021101936	Trust: 0.6
db:	CS-HELP	id:	SB2022041931	Trust: 0.6
db:	CS-HELP	id:	SB2022042537	Trust: 0.6
db:	CS-HELP	id:	SB2022012403	Trust: 0.6
db:	CS-HELP	id:	SB2021072292	Trust: 0.6
db:	CS-HELP	id:	SB2022022516	Trust: 0.6
db:	CS-HELP	id:	SB2021072721	Trust: 0.6
db:	CS-HELP	id:	SB2022012754	Trust: 0.6
db:	CS-HELP	id:	SB2021042618	Trust: 0.6
db:	CS-HELP	id:	SB2021042302	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022060033	Trust: 0.6
db:	EXPLOIT-DB	id:	49766	Trust: 0.6
db:	PACKETSTORM	id:	157905	Trust: 0.6
db:	PACKETSTORM	id:	158406	Trust: 0.6
db:	LENOVO	id:	LEN-60182	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-097-01	Trust: 0.6
db:	NSFOCUS	id:	48898	Trust: 0.6
db:	PACKETSTORM	id:	171213	Trust: 0.2
db:	PACKETSTORM	id:	171214	Trust: 0.1
db:	PACKETSTORM	id:	171212	Trust: 0.1
db:	PACKETSTORM	id:	171215	Trust: 0.1
db:	PACKETSTORM	id:	159876	Trust: 0.1
db:	PACKETSTORM	id:	170819	Trust: 0.1
db:	PACKETSTORM	id:	170817	Trust: 0.1
db:	VULHUB	id:	VHN-163559	Trust: 0.1
db:	ICS CERT	id:	ICSA-22-055-02	Trust: 0.1
db:	VULMON	id:	CVE-2020-11022	Trust: 0.1
db:	PACKETSTORM	id:	171211	Trust: 0.1

sources: VULHUB: VHN-163559 // VULMON: CVE-2020-11022 // PACKETSTORM: 159852 // PACKETSTORM: 171213 // PACKETSTORM: 171211 // PACKETSTORM: 170821 // PACKETSTORM: 170823 // PACKETSTORM: 161727 // PACKETSTORM: 158282 // CNNVD: CNNVD-202004-2429 // NVD: CVE-2020-11022

REFERENCES

url:	http://packetstormsecurity.com/files/162159/jquery-1.2-cross-site-scripting.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.4
url:	https://www.debian.org/security/2020/dsa-4693	Trust: 1.9
url:	https://github.com/jquery/jquery/security/advisories/ghsa-gxr4-xjj5-5px2	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20200511-0006/	Trust: 1.8
url:	https://www.drupal.org/sa-core-2020-002	Trust: 1.8
url:	https://www.tenable.com/security/tns-2020-10	Trust: 1.8
url:	https://www.tenable.com/security/tns-2020-11	Trust: 1.8
url:	https://www.tenable.com/security/tns-2021-02	Trust: 1.8
url:	https://www.tenable.com/security/tns-2021-10	Trust: 1.8
url:	https://security.gentoo.org/glsa/202007-03	Trust: 1.8
url:	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/	Trust: 1.8
url:	https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77	Trust: 1.8
url:	https://jquery.com/upgrade-guide/3.5/	Trust: 1.8
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 1.3
url:	https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/	Trust: 1.1
url:	https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3ccommits.airflow.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/	Trust: 1.1
url:	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/	Trust: 0.7
url:	https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3ccommits.airflow.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041931	Trust: 0.6
url:	https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159275/red-hat-security-advisory-2020-3807-01.html	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujul2021.html	Trust: 0.6
url:	https://www.exploit-db.com/exploits/49766	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48898	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3875/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6520510	Trust: 0.6
url:	https://packetstormsecurity.com/files/158555/gentoo-linux-security-advisory-202007-03.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072292	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2375/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1066	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5150	Trust: 0.6
url:	https://packetstormsecurity.com/files/168304/red-hat-security-advisory-2022-6393-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042543	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1804/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1925/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042302	Trust: 0.6
url:	https://packetstormsecurity.com/files/160274/red-hat-security-advisory-2020-5249-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072721	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022516	Trust: 0.6
url:	https://packetstormsecurity.com/files/157850/red-hat-security-advisory-2020-2217-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072094	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101936	Trust: 0.6
url:	https://packetstormsecurity.com/files/158406/red-hat-security-advisory-2020-2412-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2660.3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1916	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1519	Trust: 0.6
url:	https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0585	Trust: 0.6
url:	https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2660/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0583	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3255/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3485/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159513/red-hat-security-advisory-2020-4211-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4248/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2287/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2966/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157905/red-hat-security-advisory-2020-2362-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1880/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1653	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2694/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042537	Trust: 0.6
url:	https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042618	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0845	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2775/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-affect-ibm-license-metric-tool-v9/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0824	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-known-vulnerabilities-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1961/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1512	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159353/red-hat-security-advisory-2020-3936-01.html	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-60182	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3028/	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022060033	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2515	Trust: 0.6
url:	https://packetstormsecurity.com/files/158750/red-hat-security-advisory-2020-3247-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-in-ibm-security-qradar-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012754	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0465	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525182	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-jquery-vulnerabilities-cve-2020-11022-cve-2020-11023/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6490381	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1863/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-fixed-in-mobile-foundation-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3700/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071412	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0909	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3902/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2525	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0620	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012403	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3368/	Trust: 0.6
url:	https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2018-14042	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2018-14040	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14042	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-11358	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11358	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14040	Trust: 0.5
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-40150	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-40149	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-45047	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-46364	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-42004	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-45693	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-42003	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-9251	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-8331	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10735	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9251	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-10735	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8331	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-38750	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1471	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1438	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-3916	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25857	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-46175	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35065	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44906	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-44906	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2023-0091	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-24785	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-3782	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-2764	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2764	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-4137	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-46363	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1471	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2023-0264	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-38751	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1274	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-37603	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-38749	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-31129	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-35065	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1438	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25857	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24785	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1274	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3143	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14041	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40150	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18214	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40152	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40149	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-40152	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14041	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-18214	Trust: 0.2
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-3143	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2217	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/blaufish/geo	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1721	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10146	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10221	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15720	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10146	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10179	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10179	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10221	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4847	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2237	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1049	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2237	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31129	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1044	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:0552	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:0553	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.1
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9547	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9546	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9547	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=core.service.rhsso&version=7.4	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10748	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9548	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8840	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9546	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1694	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8840	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10748	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1714	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1714	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1694	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 159852 // PACKETSTORM: 171213 // PACKETSTORM: 171211 // PACKETSTORM: 170821 // PACKETSTORM: 170823 // PACKETSTORM: 161727 // PACKETSTORM: 158282

SOURCES

db:	VULHUB	id:	VHN-163559
db:	VULMON	id:	CVE-2020-11022
db:	PACKETSTORM	id:	159852
db:	PACKETSTORM	id:	171213
db:	PACKETSTORM	id:	171211
db:	PACKETSTORM	id:	170821
db:	PACKETSTORM	id:	170823
db:	PACKETSTORM	id:	161727
db:	PACKETSTORM	id:	158282
db:	CNNVD	id:	CNNVD-202004-2429
db:	NVD	id:	CVE-2020-11022

LAST UPDATE DATE

2025-01-28T22:33:22.822000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-163559	date:	2022-07-25T00:00:00
db:	VULMON	id:	CVE-2020-11022	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202004-2429	date:	2023-03-21T00:00:00
db:	NVD	id:	CVE-2020-11022	date:	2024-11-21T04:56:36.110

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-163559	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2020-11022	date:	2020-04-29T00:00:00
db:	PACKETSTORM	id:	159852	date:	2020-11-04T15:29:15
db:	PACKETSTORM	id:	171213	date:	2023-03-02T15:19:28
db:	PACKETSTORM	id:	171211	date:	2023-03-02T15:19:02
db:	PACKETSTORM	id:	170821	date:	2023-01-31T17:21:40
db:	PACKETSTORM	id:	170823	date:	2023-01-31T17:26:38
db:	PACKETSTORM	id:	161727	date:	2021-03-09T16:25:11
db:	PACKETSTORM	id:	158282	date:	2020-07-02T15:43:25
db:	CNNVD	id:	CNNVD-202004-2429	date:	2020-04-29T00:00:00
db:	NVD	id:	CVE-2020-11022	date:	2020-04-29T22:15:11.903