CVE-2020-11022 - Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.22547.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Drupal	Drupal
Fedoraproject	Fedora
Jquery	Jquery
Netapp	H300e H300e Firmware H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500e H500e Firmware H500s H500s Firmware H700e H700e Firmware H700s H700s Firmware Max Data Oncommand Insight Oncommand System Manager Snap Creator Framework Snapcenter
Opensuse	Leap
Oracle	Agile Product Lifecycle Management For Process Agile Product Supplier Collaboration For Process Application Testing Suite Banking Digital Experience Blockchain Platform Communications Application Session Controller Communications Billing And Revenue Management Communications Diameter Signaling Router Idih\ Communications Eagle Application Processor Communications Services Gatekeeper Communications Webrtc Session Controller Enterprise Manager Ops Center Enterprise Session Border Controller Financial Services Analytical Applications Infrastructure Financial Services Analytical Applications Reconciliation Framework Financial Services Asset Liability Management Financial Services Balance Sheet Planning Financial Services Basel Regulatory Capital Basic Financial Services Basel Regulatory Capital Internal Ratings Based Approach Financial Services Data Foundation Financial Services Data Governance For Us Regulatory Reporting Financial Services Data Integration Hub Financial Services Funds Transfer Pricing Financial Services Hedge Management And Ifrs Valuations Financial Services Institutional Performance Analytics Financial Services Liquidity Risk Management Financial Services Liquidity Risk Measurement And Management Financial Services Loan Loss Forecasting And Provisioning Financial Services Market Risk Measurement And Management Financial Services Price Creation And Discovery Financial Services Profitability Management Financial Services Regulatory Reporting For European Banking Authority Financial Services Regulatory Reporting For Us Federal Reserve Healthcare Foundation Hospitality Materials Control Hospitality Simphony Insurance Accounting Analyzer Insurance Allocation Manager For Enterprise Profitability Insurance Data Foundation Insurance Insbridge Rating And Underwriting Jdeveloper Peoplesoft Enterprise Peopletools Policy Automation Policy Automation Connector For Siebel Policy Automation For Mobile Devices Retail Back Office Retail Customer Management And Segmentation Foundation Retail Returns Management Siebel Ui Framework Storagetek Acsls Weblogic Server
Redhat	Amq Interconnect Ansible Tower Enterprise Linux Jboss Enterprise Application Platform Jboss Single Sign On Openshift Red Hat Single Sign On Rhev Manager Rhosemc Service Mesh
Tenable	Log Correlation Engine

Configuration 1 [-]

cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.3:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:20.1:::::::*
	cpe:2.3:a:oracle:blockchain_platform::::::::
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\:::::::::
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_data_foundation::::::::
	cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority::::::::
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
	cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
	cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony::::::::
	cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
cpe:2.3:a:oracle:insurance_data_foundation::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:storagetek_acsls:8.5.1:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Configuration 6 [-]

OR	cpe:2.3:a:netapp:max_data:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_system_manager::::::::
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 15 [-]

OR	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

Configuration 16 [-]

cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*

Configuration 17 [-]

OR	cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:banking_digital_experience::::::::
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\:::::::::
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_data_foundation::::::::
	cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority::::::::
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
	cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
	cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:::::::*
	cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
	cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
	cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
	cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:::::::*
	cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
	cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Package	CPE	Advisory	Released Date
A-MQ Interconnect 1.y for RHEL 6
qpid-dispatch-0:1.13.0-3.el6_10	cpe:/a:redhat:amq_interconnect:1::el6	RHSA-2020:4211	2020-10-08T00:00:00Z
A-MQ Interconnect 1.y for RHEL 7
qpid-dispatch-0:1.13.0-3.el7	cpe:/a:redhat:amq_interconnect:1::el7	RHSA-2020:4211	2020-10-08T00:00:00Z
A-MQ Interconnect 1.y for RHEL 8
qpid-dispatch-0:1.13.0-3.el8	cpe:/a:redhat:amq_interconnect:1::el8	RHSA-2020:4211	2020-10-08T00:00:00Z
Openshift Service Mesh 1.0
jaeger-0:v1.13.1.redhat7-1.el7	cpe:/a:redhat:service_mesh:1.0::el7	RHSA-2020:2362	2020-06-02T00:00:00Z
kiali-0:v1.0.11.redhat1-1.el7	cpe:/a:redhat:service_mesh:1.0::el7	RHSA-2020:2362	2020-06-02T00:00:00Z
OpenShift Service Mesh 1.0
servicemesh-grafana-0:6.2.2-36.el8	cpe:/a:redhat:service_mesh:1.0::el8	RHSA-2020:2362	2020-06-02T00:00:00Z
Red Hat Ansible Tower 3.6 for RHEL 7
ansible-tower-36/ansible-tower:3.6.7-1	cpe:/a:redhat:ansible_tower:3.6::el7	RHSA-2021:0778	2021-03-09T00:00:00Z
Red Hat Ansible Tower 3.7 for RHEL 7
ansible-tower-37/ansible-tower-rhel7:3.7.4-1	cpe:/a:redhat:ansible_tower:3.7::el7	RHSA-2020:5249	2020-11-30T00:00:00Z
Red Hat Enterprise Linux 7
ipa-0:4.6.8-5.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3936	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 8
idm:client-8030020200923172426.05ac3f11	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4670	2020-11-04T00:00:00Z
idm:DL1-8030020200923172343.9c827e52	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4670	2020-11-04T00:00:00Z
pki-core:10.6-8030020200911215836.5ff1562f	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
pki-deps:10.6-8030020200527165326.30b713e6	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
jquery	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:0556	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:0553	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:0554	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:0552	2023-01-31T00:00:00Z
Red Hat OpenShift Container Platform 3.11
atomic-openshift-web-console-0:3.11.219-1.git.1.9b9b889.el7	cpe:/a:redhat:openshift:3.11::el7	RHSA-2020:2217	2020-05-28T00:00:00Z
Red Hat OpenShift Container Platform 4.5
openshift4/ose-console:v4.5.0-202007012112.p0	cpe:/a:redhat:openshift:4.5::el7	RHSA-2020:2412	2020-07-13T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-grafana:v4.6.0-202010061132.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
openshift4/ose-prometheus:v4.6.0-202009290409.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
Red Hat Single Sign-On 7
keycloak-idp-jquery	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2023:1049	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.4.1
js-jquery	cpe:/a:redhat:jboss_single_sign_on:7.4	RHSA-2020:2813	2020-07-02T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2023:1043	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2023:1044	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2023:1045	2023-03-01T00:00:00Z
Red Hat Virtualization Engine 4.4
ovirt-engine-ui-extensions-0:1.2.2-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2020:3247	2020-08-04T00:00:00Z
ovirt-web-ui-0:1.6.4-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2020:3807	2020-09-23T00:00:00Z
org.ovirt.engine-root-0:4.5.2.4-1	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:6393	2022-09-08T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-20	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2023:1047	2023-03-01T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2608-1	jquery security update
Debian DLA	DLA-3551-1	otrs2 security update
Debian DSA	DSA-4693-1	drupal7 security update
Github GHSA	GHSA-gxr4-xjj5-5px2	Potential XSS vulnerability in jQuery
Ubuntu USN	USN-7246-1	jQuery vulnerabilities
Ubuntu USN	USN-7622-1	jQuery vulnerabilities
Ubuntu USN	USN-7658-1	Drupal vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
https://jquery.com/upgrade-guide/3.5/
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
https://nvd.nist.gov/vuln/detail/CVE-2020-11022
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.cve.org/CVERecord?id=CVE-2020-11022
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2020-10
https://www.tenable.com/security/tns-2020-11
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.10443}`	epss `{'score': 0.23711}`

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.05513}`	epss `{'score': 0.10443}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-04-29T00:00:00

Updated: 2024-08-04T11:21:14.453Z

Reserved: 2020-03-30T00:00:00

Link: CVE-2020-11022

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-29T22:15:11.903

Modified: 2024-11-21T04:56:36.110

Link: CVE-2020-11022

Redhat

Severity : Moderate

Publid Date: 2020-04-23T00:00:00Z

Links: CVE-2020-11022 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object