CVE-2019-17091


faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.


Published

2019-10-02T14:15:12.600

Last Modified

2024-11-21T04:31:40.197

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | eclipse | mojarra | < 2.3.10 | Yes |
| Application | oracle | mojarra_javaserver_faces | < 2.2.20 | Yes |
| Application | oracle | application_testing_suite | 13.2.0.1 | Yes |
| Application | oracle | application_testing_suite | 13.3.0.1 | Yes |
| Application | oracle | banking_enterprise_product_manufacturing | 2.7.0 | Yes |
| Application | oracle | banking_enterprise_product_manufacturing | 2.8.0 | Yes |
| Application | oracle | communications_diameter_signaling_router | ≤ 8.4.0.5 | Yes |
| Application | oracle | communications_network_integrity | 7.3.5 | Yes |
| Application | oracle | communications_network_integrity | 7.3.6 | Yes |
| Application | oracle | communications_unified_inventory_management | 7.3.0 | Yes |
| Application | oracle | communications_unified_inventory_management | 7.4.0 | Yes |
| Application | oracle | enterprise_data_quality | 12.2.1.3.0 | Yes |
| Application | oracle | health_sciences_information_manager | 3.0 | Yes |
| Application | oracle | healthcare_data_repository | 7.0 | Yes |
| Application | oracle | primavera_p6_enterprise_project_portfolio_management | ≤ 15.2.18.7 | Yes |
| Application | oracle | primavera_p6_enterprise_project_portfolio_management | ≤ 16.2.19.0 | Yes |
| Application | oracle | primavera_p6_enterprise_project_portfolio_management | ≤ 17.12.15.0 | Yes |
| Application | oracle | primavera_p6_enterprise_project_portfolio_management | ≤ 18.8.15.0 | Yes |
| Application | oracle | primavera_p6_enterprise_project_portfolio_management | 19.12.0.0 | Yes |
| Application | oracle | rapid_planning | 12.1 | Yes |
| Application | oracle | rapid_planning | 12.2 | Yes |
| Application | oracle | retail_advanced_inventory_planning | 15.0 | Yes |
| Application | oracle | retail_advanced_inventory_planning | 16.0 | Yes |
| Application | oracle | retail_assortment_planning | 16.0.3 | Yes |
| Application | oracle | retail_bulk_data_integration | 16.0.3.0 | Yes |
| Application | oracle | retail_financial_integration | 15.0 | Yes |
| Application | oracle | retail_financial_integration | 16.0 | Yes |
| Application | oracle | retail_integration_bus | 15.0 | Yes |
| Application | oracle | retail_integration_bus | 16.0 | Yes |
| Application | oracle | retail_invoice_matching | 16.0 | Yes |
| Application | oracle | retail_merchandising_system | 16.0 | Yes |
| Application | oracle | retail_service_backbone | 15.0 | Yes |
| Application | oracle | retail_service_backbone | 16.0 | Yes |
| Application | oracle | retail_store_inventory_management | 14.0.4 | Yes |
| Application | oracle | retail_store_inventory_management | 14.1.3 | Yes |
| Application | oracle | retail_store_inventory_management | 15.0.3 | Yes |
| Application | oracle | retail_store_inventory_management | 16.0.3 | Yes |
| Application | oracle | secure_global_desktop | 5.4 | Yes |
| Application | oracle | secure_global_desktop | 5.5 | Yes |
| Application | oracle | time_and_labor | ≤ 12.2.11 | Yes |
