CVE-2019-11358

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

References

https://www.drupal.org/sa-core-2019-006

https://snyk.io/vuln/SNYK-JS-JQUERY-174006

https://github.com/jquery/jquery/pull/4333

https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

https://backdropcms.org/security/backdrop-sa-core-2019-009

https://www.debian.org/security/2019/dsa-4434

https://seclists.org/bugtraq/2019/Apr/32

http://www.securityfocus.com/bid/108023

https://lists.apache.org/thread.html/[email protected]%3Ccommits.airflow.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.airflow.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.airflow.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.airflow.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.airflow.apache.org%3E

https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/

https://lists.fedoraproject.org/archives/list/[email protected]/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/

https://lists.fedoraproject.org/archives/list/[email protected]/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/

https://lists.fedoraproject.org/archives/list/[email protected]/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/

https://lists.fedoraproject.org/archives/list/[email protected]/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/

https://seclists.org/bugtraq/2019/May/18

http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html

http://seclists.org/fulldisclosure/2019/May/13

http://seclists.org/fulldisclosure/2019/May/11

http://seclists.org/fulldisclosure/2019/May/10

https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html

http://www.openwall.com/lists/oss-security/2019/06/03/2

http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html

https://access.redhat.com/errata/RHSA-2019:1456

https://www.debian.org/security/2019/dsa-4460

https://seclists.org/bugtraq/2019/Jun/12

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html

https://access.redhat.com/errata/RHBA-2019:1570

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html

https://lists.apache.org/thread.html/[email protected]%3Ccommits.roller.apache.org%3E

https://access.redhat.com/errata/RHSA-2019:2587

https://security.netapp.com/advisory/ntap-20190919-0001/

https://access.redhat.com/errata/RHSA-2019:3023

https://access.redhat.com/errata/RHSA-2019:3024

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://lists.apache.org/thread.html/b0656d359[email protected]%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.drill.apache.org%3E

https://www.synology.com/security/advisory/Synology_SA_19_19

https://lists.apache.org/thread.html/[email protected]%3Ccommits.nifi.apache.org%3E

https://www.tenable.com/security/tns-2019-08

https://www.oracle.com/security-alerts/cpujan2020.html

https://lists.apache.org/thread.html/[email protected]%3Ccommits.nifi.apache.org%3E

https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html

http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

https://www.tenable.com/security/tns-2020-02

https://www.oracle.com/security-alerts/cpuapr2020.html

https://lists.apache.org/thread.html/[email protected]%3Cdev.syncope.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.flink.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.storm.apache.org%3E

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuoct2021.html

Details

Source: MITRE

Published: 2019-04-20

Updated: 2021-10-20

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*

cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from 3.0 to 3.1.3 (inclusive)

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

Configuration 8

OR

cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

Configuration 9

OR

cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from 2.7.0 to 2.8.0 (inclusive)

cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from 2.4.0 to 2.10.0 (inclusive)

cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from 6.0 to 6.4 (inclusive)

cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from 4.1 to 4.3 (inclusive)

cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from 7.3.3 to 7.3.5 (inclusive)

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from 8.0.2 to 8.1.0 (inclusive)

cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.8 (inclusive)

cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from 8.0.6 to 8.0.9 (inclusive)

cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from 8.0.5 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from 8.0.2 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.6 (inclusive)

cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from 19.1.0 to 19.1.2 (inclusive)

cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from 8.0.4 to 8.0.7 (inclusive)

cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from 5.0.0.0 to 5.6.0.0 (inclusive)

cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from 8.6.0 to 8.6.3 (inclusive)

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from 12.2.0 to 12.2.15 (inclusive)

cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from 12.2.0 to 12.2.15 (inclusive)

cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from 16.2.0 to 16.2.11 (inclusive)

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from 17.12.0 to 17.12.7 (inclusive)

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from 18.8.0 to 18.8.9 (inclusive)

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from 19.12.0 to 19.12.4 (inclusive)

cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from 17.7 to 17.12 (inclusive)

cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from 2.3.0.1 to 2.3.0.3 (inclusive)

cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*

cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*

cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*

cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*

cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*

cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to 19.8 (inclusive)

cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from 2.3.0.1 to 2.3.0.3 (inclusive)

cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

Configuration 10

OR

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from 3.0.0 to 3.9.4 (inclusive)

Tenable Plugins

View all (46 total)

IDNameProductFamilySeverity
154495NewStart CGSL CORE 5.05 / MAIN 5.05 : ipa Multiple Vulnerabilities (NS-SA-2021-0171)NessusNewStart CGSL Local Security Checks
medium
154342Oracle GoldenGate (Oct 2021 CPU)NessusMisc.
high
149159EulerOS 2.0 SP3 : pki-core (EulerOS-SA-2021-1831)NessusHuawei Local Security Checks
high
148894Oracle Database Server Multiple Vulnerabilities (Apr 2021 CPU)NessusDatabases
medium
147251NewStart CGSL CORE 5.04 / MAIN 5.04 : ipa Multiple Vulnerabilities (NS-SA-2021-0045)NessusNewStart CGSL Local Security Checks
medium
146679EulerOS 2.0 SP2 : pki-core (EulerOS-SA-2021-1346)NessusHuawei Local Security Checks
medium
146621Tenable SecurityCenter < 5.14.0 Multiple Vulnerabilities (TNS-2020-02)NessusMisc.
medium
145989CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2020:4847)NessusCentOS Local Security Checks
medium
145873CentOS 8 : idm:DL1 and idm:client (CESA-2020:4670)NessusCentOS Local Security Checks
medium
144449SolarWinds Orion Platform < 2020.2.1 HF2 Multiple VulnerabilitiesNessusMisc.
high
144388RHEL 7 : python-XStatic-jQuery (RHSA-2020:5581)NessusRed Hat Local Security Checks
medium
144240EulerOS 2.0 SP5 : pki-core (EulerOS-SA-2020-2560)NessusHuawei Local Security Checks
medium
143080RHEL 7 : ipa (RHSA-2020:3936)NessusRed Hat Local Security Checks
medium
142435RHEL 8 : idm:DL1 and idm:client (RHSA-2020:4670)NessusRed Hat Local Security Checks
medium
142409RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2020:4847)NessusRed Hat Local Security Checks
medium
142372Oracle Business Intelligence Publisher Multiple Vulnerabilities (Oct 2020 CPU)NessusMisc.
high
142210Oracle Business Process Management Suite (Oct 2020 CPU)NessusMisc.
critical
142058Pulse Connect Secure < 9.1R9 (SA44601)NessusMisc.
high
142057Pulse Policy Secure < 9.1R9 (SA44601)NessusMisc.
high
141974Amazon Linux 2 : ipa-client (ALAS-2020-1519)NessusAmazon Linux Local Security Checks
medium
141734Scientific Linux Security Update : ipa on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
medium
141586CentOS 7 : ipa (CESA-2020:3936)NessusCentOS Local Security Checks
medium
135676Oracle WebCenter Sites Multiple Vulnerabilities (April 2020 CPU)NessusWindows
critical
135256RHEL 8 : python-XStatic-jQuery (RHSA-2020:1325)NessusRed Hat Local Security Checks
medium
133967Debian DLA-2118-1 : otrs2 security updateNessusDebian Local Security Checks
medium
133260Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)NessusMisc.
critical
133057Oracle Enterprise Manager Ops Center (Oct 2019 CPU)NessusMisc.
high
132936Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)NessusCGI abuses
critical
130070Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2019 CPU)NessusCGI abuses
critical
130012Oracle WebLogic Server Multiple Vulnerabilities (Oct 2019 CPU)NessusMisc.
high
129862RHEL 7 : Virtualization Manager (RHSA-2019:3024)NessusRed Hat Local Security Checks
critical
129861RHEL 7 : Virtualization Manager (RHSA-2019:3023)NessusRed Hat Local Security Checks
medium
127742openSUSE Security Update : python-Django (openSUSE-2019-1839)NessusSuSE Local Security Checks
critical
126485FreeBSD : mediawiki -- multiple vulnerabilities (3c5a4fe0-9ebb-11e9-9169-fcaa147e860e)NessusFreeBSD Local Security Checks
critical
125858Debian DSA-4460-1 : mediawiki - security updateNessusDebian Local Security Checks
critical
125750FreeBSD : Django -- AdminURLFieldWidget XSS (ffc73e87-87f0-11e9-ad56-fcaa147e860e)NessusFreeBSD Local Security Checks
medium
125298Debian DLA-1797-1 : drupal7 security updateNessusDebian Local Security Checks
critical
124719JQuery < 3.4.0 Object Prototype Pollution VulnerabilityNessusCGI abuses
medium
124703Fedora 28 : drupal7 (2019-f563e66380)NessusFedora Local Security Checks
medium
124700Fedora 29 : drupal7 (2019-a06dffab1c)NessusFedora Local Security Checks
medium
124699Fedora 30 : drupal7 (2019-2a0ce0c58c)NessusFedora Local Security Checks
medium
124688Fedora 30 : drupal8 (2019-eba8e44ee6)NessusFedora Local Security Checks
critical
124686Fedora 29 : drupal8 (2019-7eaf0bbe7c)NessusFedora Local Security Checks
critical
124685Fedora 28 : drupal8 (2019-1a3edd7e8a)NessusFedora Local Security Checks
critical
98590jQuery < 3.4.0 Prototype PollutionWeb Application ScanningComponent Vulnerability
medium
124205Debian DSA-4434-1 : drupal7 - security updateNessusDebian Local Security Checks
medium