It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.
Metrics
No CVSS v4.0
No CVSS v3.1
Attack Vector Network
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact Low
Integrity Impact Low
Availability Impact None
User Interaction None
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:M/Au:S/C:N/I:P/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Redhat |
|
Configuration 1 [-]
AND |
|
Configuration 2 [-]
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
Red Hat JBoss EAP 7.2 | |||
picketlink | cpe:/a:redhat:jboss_enterprise_application_platform:7.2 | RHSA-2019:1424 | 2019-06-10T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 | |||
eap7-apache-commons-codec-0:1.11.0-2.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-apache-cxf-0:3.2.7-2.redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-hal-console-0:3.0.11-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-hibernate-0:5.3.10-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-hornetq-0:2.4.7-7.Final_redhat_2.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-ironjacamar-0:1.4.16-2.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-javassist-0:3.23.2-2.GA_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-jboss-ejb-client-0:4.0.18-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-jboss-marshalling-0:2.0.7-2.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-jboss-modules-0:1.8.8-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-jboss-openjdk-orb-0:8.1.3-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-jboss-remoting-0:5.0.9-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-jboss-server-migration-0:1.3.1-2.Final_redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-jboss-xnio-base-0:3.6.6-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-jgroups-0:4.0.19-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-picketlink-bindings-0:2.5.5-17.SP12_redhat_00005.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-picketlink-federation-0:2.5.5-17.SP12_redhat_00005.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-resteasy-0:3.6.1-5.SP5_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-undertow-0:2.0.20-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-weld-core-0:3.0.6-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-wildfly-0:7.2.2-2.GA_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-wildfly-common-0:1.5.1-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-wildfly-discovery-0:1.1.2-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-wildfly-http-client-0:1.0.15-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
eap7-wildfly-naming-client-0:1.0.10-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 | |||
eap7-apache-commons-codec-0:1.11.0-2.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-apache-cxf-0:3.2.7-2.redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-hal-console-0:3.0.11-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-hibernate-0:5.3.10-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-hornetq-0:2.4.7-7.Final_redhat_2.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-ironjacamar-0:1.4.16-2.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-javassist-0:3.23.2-2.GA_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-jboss-ejb-client-0:4.0.18-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-jboss-marshalling-0:2.0.7-2.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-jboss-modules-0:1.8.8-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-jboss-openjdk-orb-0:8.1.3-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-jboss-remoting-0:5.0.9-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-jboss-server-migration-0:1.3.1-2.Final_redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-jboss-xnio-base-0:3.6.6-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-jgroups-0:4.0.19-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-picketlink-bindings-0:2.5.5-17.SP12_redhat_00005.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-picketlink-federation-0:2.5.5-17.SP12_redhat_00005.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-resteasy-0:3.6.1-5.SP5_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-undertow-0:2.0.20-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-weld-core-0:3.0.6-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-wildfly-0:7.2.2-2.GA_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-wildfly-common-0:1.5.1-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-wildfly-discovery-0:1.1.2-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-wildfly-http-client-0:1.0.15-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
eap7-wildfly-naming-client-0:1.0.10-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 | |||
eap7-apache-commons-codec-0:1.11.0-2.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-apache-cxf-0:3.2.7-2.redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-hal-console-0:3.0.11-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-hibernate-0:5.3.10-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-hornetq-0:2.4.7-7.Final_redhat_2.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-ironjacamar-0:1.4.16-2.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-javassist-0:3.23.2-2.GA_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-jboss-ejb-client-0:4.0.18-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-jboss-marshalling-0:2.0.7-2.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-jboss-modules-0:1.8.8-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-jboss-openjdk-orb-0:8.1.3-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-jboss-remoting-0:5.0.9-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-jboss-server-migration-0:1.3.1-2.Final_redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-jboss-xnio-base-0:3.6.6-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-jgroups-0:4.0.19-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-picketlink-bindings-0:2.5.5-17.SP12_redhat_00005.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-picketlink-federation-0:2.5.5-17.SP12_redhat_00005.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-resteasy-0:3.6.1-5.SP5_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-undertow-0:2.0.20-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-weld-core-0:3.0.6-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-wildfly-0:7.2.2-2.GA_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-wildfly-common-0:1.5.1-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-wildfly-discovery-0:1.1.2-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-wildfly-http-client-0:1.0.15-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
eap7-wildfly-naming-client-0:1.0.10-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
Red Hat Single Sign-On 7.3.2 zip | |||
picketlink | cpe:/a:redhat:jboss_single_sign_on:7.3 | RHSA-2019:1456 | 2019-06-11T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2019-06-12T13:45:56
Updated: 2024-08-04T19:19:18.614Z
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3872
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-06-12T14:29:04.667
Modified: 2024-11-21T04:42:46.010
Link: CVE-2019-3872
Redhat