Versio.io

CVE-2019-17091

Common vulnerabilities & exposures (CVE)

Published at: 02-10-2019 04:15
Last modified: 06-04-2022 08:00
Total changes: 5

Description

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base score: 6.1
Exploitability score: 2.8
Impact score: 2.7
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Verification logic

OR
OR
vendor=eclipse AND product=mojarra AND versionStartIncluding=2.3.0 AND versionEndExcluding=2.3.10
vendor=oracle AND product=mojarra_javaserver_faces AND versionStartIncluding=2.2.0 AND versionEndExcluding=2.2.20
OR
vendor=oracle AND product=application_testing_suite AND version=13.2.0.1
vendor=oracle AND product=application_testing_suite AND version=13.3.0.1
vendor=oracle AND product=banking_enterprise_product_manufacturing AND version=2.7.0
vendor=oracle AND product=banking_enterprise_product_manufacturing AND version=2.8.0
vendor=oracle AND product=communications_diameter_signaling_router AND versionEndIncluding=8.4.0.5 AND versionStartIncluding=8.0.0.0
vendor=oracle AND product=communications_network_integrity AND version=7.3.5
vendor=oracle AND product=communications_network_integrity AND version=7.3.6
vendor=oracle AND product=communications_unified_inventory_management AND version=7.3.0
vendor=oracle AND product=communications_unified_inventory_management AND version=7.4.0
vendor=oracle AND product=enterprise_data_quality AND version=12.2.1.3.0
vendor=oracle AND product=health_sciences_information_manager AND version=3.0
vendor=oracle AND product=healthcare_data_repository AND version=7.0
vendor=oracle AND product=primavera_p6_enterprise_project_portfolio_management AND versionEndIncluding=15.2.18.7 AND versionStartIncluding=15.1.0.0
vendor=oracle AND product=primavera_p6_enterprise_project_portfolio_management AND versionEndIncluding=16.2.19.0 AND versionStartIncluding=16.1.0.0
vendor=oracle AND product=primavera_p6_enterprise_project_portfolio_management AND versionEndIncluding=17.12.15.0 AND versionStartIncluding=17.1.0.0
vendor=oracle AND product=primavera_p6_enterprise_project_portfolio_management AND versionEndIncluding=18.8.15.0 AND versionStartIncluding=18.1.0.0
vendor=oracle AND product=primavera_p6_enterprise_project_portfolio_management AND version=19.12.0.0
vendor=oracle AND product=rapid_planning AND version=12.1
vendor=oracle AND product=rapid_planning AND version=12.2
vendor=oracle AND product=retail_advanced_inventory_planning AND version=15.0
vendor=oracle AND product=retail_advanced_inventory_planning AND version=16.0
vendor=oracle AND product=retail_assortment_planning AND version=16.0.3
vendor=oracle AND product=retail_bulk_data_integration AND version=16.0.3.0
vendor=oracle AND product=retail_financial_integration AND version=15.0
vendor=oracle AND product=retail_financial_integration AND version=16.0
vendor=oracle AND product=retail_integration_bus AND version=15.0
vendor=oracle AND product=retail_integration_bus AND version=16.0
vendor=oracle AND product=retail_invoice_matching AND version=16.0
vendor=oracle AND product=retail_merchandising_system AND version=16.0
vendor=oracle AND product=retail_service_backbone AND version=15.0
vendor=oracle AND product=retail_service_backbone AND version=16.0
vendor=oracle AND product=retail_store_inventory_management AND version=14.0.4
vendor=oracle AND product=retail_store_inventory_management AND version=14.1.3
vendor=oracle AND product=retail_store_inventory_management AND version=15.0.3
vendor=oracle AND product=retail_store_inventory_management AND version=16.0.3
vendor=oracle AND product=secure_global_desktop AND version=5.4
vendor=oracle AND product=secure_global_desktop AND version=5.5
vendor=oracle AND product=time_and_labor AND versionEndIncluding=12.2.11 AND versionStartIncluding=12.2.6
 

Keywords

NVD, CVE-2019-17091, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
