{"containers": {"cna": {"affected": [{"product": "picketlink", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "as shipped with Jboss Enterprise Application Server 7.2"}]}], "descriptions": [{"lang": "en", "value": "It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-06T18:06:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873"}, {"name": "108739", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108739"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:18.682Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873"}, {"name": "108739", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108739"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3873", "datePublished": "2019-06-12T13:43:46", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.682Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks."}, {"lang": "es", "value": "Se encontr\u00f3 que Picketlink, tal como se distribuye con Jboss Enterprise Application Platform versi\u00f3n 7.2, aceptar\u00eda un par\u00e1metro xinclude en XML SAMLresponse. Un atacante podr\u00eda usar esta fallo para enviar una URL para lograr cross-site scripting o posiblemente conducir m\u00e1s ataques."}], "id": "CVE-2019-3873", "lastModified": "2024-11-21T04:42:46.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-12T14:29:04.713", "references": [{"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/108739"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/108739"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:1424", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "impact": "moderate", "package": "picketlink", "product_name": "Red Hat JBoss EAP 7.2", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-apache-commons-codec-0:1.11.0-2.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-apache-cxf-0:3.2.7-2.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-hal-console-0:3.0.11-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-hibernate-0:5.3.10-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-hornetq-0:2.4.7-7.Final_redhat_2.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-ironjacamar-0:1.4.16-2.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-javassist-0:3.23.2-2.GA_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-jboss-ejb-client-0:4.0.18-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-jboss-marshalling-0:2.0.7-2.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-jboss-modules-0:1.8.8-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-jboss-openjdk-orb-0:8.1.3-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-jboss-remoting-0:5.0.9-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-jboss-server-migration-0:1.3.1-2.Final_redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-jboss-xnio-base-0:3.6.6-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-jgroups-0:4.0.19-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-picketlink-bindings-0:2.5.5-17.SP12_redhat_00005.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-picketlink-federation-0:2.5.5-17.SP12_redhat_00005.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-resteasy-0:3.6.1-5.SP5_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-undertow-0:2.0.20-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-weld-core-0:3.0.6-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-wildfly-0:7.2.2-2.GA_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-wildfly-common-0:1.5.1-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-wildfly-discovery-0:1.1.2-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-wildfly-http-client-0:1.0.15-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1419", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "impact": "moderate", "package": "eap7-wildfly-naming-client-0:1.0.10-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-apache-commons-codec-0:1.11.0-2.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-apache-cxf-0:3.2.7-2.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-hal-console-0:3.0.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-hibernate-0:5.3.10-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-hornetq-0:2.4.7-7.Final_redhat_2.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-ironjacamar-0:1.4.16-2.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-javassist-0:3.23.2-2.GA_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-jboss-ejb-client-0:4.0.18-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-jboss-marshalling-0:2.0.7-2.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-jboss-modules-0:1.8.8-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-jboss-openjdk-orb-0:8.1.3-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-jboss-remoting-0:5.0.9-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-jboss-server-migration-0:1.3.1-2.Final_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-jboss-xnio-base-0:3.6.6-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-jgroups-0:4.0.19-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-picketlink-bindings-0:2.5.5-17.SP12_redhat_00005.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-picketlink-federation-0:2.5.5-17.SP12_redhat_00005.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-resteasy-0:3.6.1-5.SP5_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-undertow-0:2.0.20-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-weld-core-0:3.0.6-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-wildfly-0:7.2.2-2.GA_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-wildfly-common-0:1.5.1-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-wildfly-discovery-0:1.1.2-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-wildfly-http-client-0:1.0.15-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1420", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "impact": "moderate", "package": "eap7-wildfly-naming-client-0:1.0.10-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-apache-commons-codec-0:1.11.0-2.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-apache-cxf-0:3.2.7-2.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-hal-console-0:3.0.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-hibernate-0:5.3.10-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-hornetq-0:2.4.7-7.Final_redhat_2.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-ironjacamar-0:1.4.16-2.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-javassist-0:3.23.2-2.GA_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-jboss-ejb-client-0:4.0.18-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-jboss-marshalling-0:2.0.7-2.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-jboss-modules-0:1.8.8-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-jboss-openjdk-orb-0:8.1.3-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-jboss-remoting-0:5.0.9-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-jboss-server-migration-0:1.3.1-2.Final_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-jboss-xnio-base-0:3.6.6-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-jgroups-0:4.0.19-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-picketlink-bindings-0:2.5.5-17.SP12_redhat_00005.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-picketlink-federation-0:2.5.5-17.SP12_redhat_00005.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-resteasy-0:3.6.1-5.SP5_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-undertow-0:2.0.20-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-weld-core-0:3.0.6-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-wildfly-0:7.2.2-2.GA_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-wildfly-common-0:1.5.1-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-wildfly-discovery-0:1.1.2-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-wildfly-http-client-0:1.0.15-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1421", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "impact": "moderate", "package": "eap7-wildfly-naming-client-0:1.0.10-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:1456", "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.3", "package": "picketlink", "product_name": "Red Hat Single Sign-On 7.3.2 zip", "release_date": "2019-06-11T00:00:00Z"}], "bugzilla": {"description": "picketlink: URL injection via xinclude parameter", "id": "1689014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689014"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "status": "verified"}, "cwe": "CWE-79", "details": ["It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks."], "name": "CVE-2019-3873", "public_date": "2019-06-10T15:16:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-3873\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3873"], "threat_severity": "Moderate"}