Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Project: Zephyr - Installer, macOS

it.tidalwave.northernwind.rca:zephyr-macosx:1.2-ALPHA-2

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
activation-1.1.1.jarpkg:maven/javax.activation/activation@1.1.1 025
aquafx-0.2.jarpkg:maven/com.aquafx-project/aquafx@0.2 018
aspectjrt-1.9.6.jarpkg:maven/org.aspectj/aspectjrt@1.9.6 023
guava-14.0.1.jarcpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@14.0.1MEDIUM2Highest21
it-tidalwave-html-patches-1.2-ALPHA-5.jarpkg:maven/it.tidalwave.northernwind/it-tidalwave-html-patches@1.2-ALPHA-5 023
it-tidalwave-messagebus-3.2-ALPHA-1.jarpkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus@3.2-ALPHA-1 023
it-tidalwave-messagebus-spring-3.2-ALPHA-1.jarpkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@3.2-ALPHA-1 023
it-tidalwave-northernwind-core-1.2-ALPHA-5.jarpkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core@1.2-ALPHA-5 025
it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-5.jarpkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-basic@1.2-ALPHA-5 023
it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-5.jarpkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-marshalling-default@1.2-ALPHA-5 025
it-tidalwave-northernwind-model-core-stripped-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-model-core-stripped@1.2-ALPHA-2 027
it-tidalwave-northernwind-rca-application-javafx-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-application-javafx@1.2-ALPHA-2 025
it-tidalwave-northernwind-rca-embeddedserver-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-embeddedserver@1.2-ALPHA-2 025
it-tidalwave-northernwind-rca-model-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-model@1.2-ALPHA-2 025
it-tidalwave-northernwind-rca-ui-commons-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-ui-commons@1.2-ALPHA-2 025
it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-ui-content-editor@1.2-ALPHA-2 025
it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: ClickHijacker.js 00
it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: aloha-integration.js 00
it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: aloha-ui-links.js 00
it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: aloha.min.js 00
it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: bootstrap.min.jspkg:javascript/bootstrap@3.2.0MEDIUM43
it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: jquery.min.jspkg:javascript/jquery@1.11.1MEDIUM43
it-tidalwave-northernwind-rca-ui-content-explorer-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-ui-content-explorer@1.2-ALPHA-2 025
it-tidalwave-northernwind-rca-ui-content-manager-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-ui-content-manager@1.2-ALPHA-2 025
it-tidalwave-northernwind-rca-ui-javafx-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-ui-javafx@1.2-ALPHA-2 025
it-tidalwave-northernwind-rca-ui-site-opener-1.2-ALPHA-2.jarcpe:2.3:a:opener_project:opener:1.2:pha-2:*:*:*:*:*:*pkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-ui-site-opener@1.2-ALPHA-2 0High25
it-tidalwave-northernwind-rca-ui-structure-editor-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-ui-structure-editor@1.2-ALPHA-2 025
it-tidalwave-northernwind-rca-ui-structure-explorer-1.2-ALPHA-2.jarpkg:maven/it.tidalwave.northernwind.rca/it-tidalwave-northernwind-rca-ui-structure-explorer@1.2-ALPHA-2 025
it-tidalwave-role-3.2-ALPHA-1.jarpkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-1 023
it-tidalwave-role-spring-3.2-ALPHA-1.jarpkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@3.2-ALPHA-1 025
it-tidalwave-role-ui-javafx-1.0-ALPHA-18.jarpkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.0-ALPHA-18 027
it-tidalwave-util-3.2-ALPHA-1.jarpkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util@3.2-ALPHA-1 023
javafx-base-11.0.1-mac.jarpkg:maven/org.openjfx/javafx-base@11.0.1 09
javafx-base-11.0.1.jarpkg:maven/org.openjfx/javafx-base@11.0.1 015
javafx-controls-11.0.1-mac.jarpkg:maven/org.openjfx/javafx-controls@11.0.1 011
javafx-controls-11.0.1.jarpkg:maven/org.openjfx/javafx-controls@11.0.1 015
javafx-fxml-11.0.1-mac.jarpkg:maven/org.openjfx/javafx-fxml@11.0.1 09
javafx-fxml-11.0.1.jarpkg:maven/org.openjfx/javafx-fxml@11.0.1 015
javafx-graphics-11.0.1-mac.jar: javafx-swt.jar 07
javafx-graphics-11.0.1.jarpkg:maven/org.openjfx/javafx-graphics@11.0.1 015
javafx-media-11.0.1.jarpkg:maven/org.openjfx/javafx-media@11.0.1 015
javafx-web-11.0.1-mac.jarcpe:2.3:a:oracle:javafx:11.0.1:*:*:*:*:*:*:*pkg:maven/org.openjfx/javafx-web@11.0.1 0Low10
javafx-web-11.0.1.jarpkg:maven/org.openjfx/javafx-web@11.0.1 015
javax.annotation-api-1.3.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.3.2 039
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 019
javax.servlet-3.0.0.v201112011016.jarcpe:2.3:a:eclipse:jetty:3.0.0:201112011016:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:3.0.0:201112011016:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty.orbit/javax.servlet@3.0.0.v201112011016CRITICAL6Highest27
jaxb-api-2.2.11.jarpkg:maven/javax.xml.bind/jaxb-api@2.2.11 042
jaxb-core-2.2.11.jarpkg:maven/com.sun.xml.bind/jaxb-core@2.2.11
pkg:maven/org.glassfish.jaxb/jaxb-core@2.2.11
 044
jaxb-core-2.2.11.jar (shaded: com.sun.istack:istack-commons-runtime:2.21)pkg:maven/com.sun.istack/istack-commons-runtime@2.21 011
jaxb-core-2.2.11.jar (shaded: org.glassfish.jaxb:txw2:2.2.11)pkg:maven/org.glassfish.jaxb/txw2@2.2.11 011
jaxb-impl-2.2.11.jarpkg:maven/com.sun.xml.bind/jaxb-impl@2.2.11 040
jaxb-impl-2.2.11.jar (shaded: org.glassfish.jaxb:jaxb-runtime:2.2.11)pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.2.11 011
jcl-over-slf4j-1.7.30.jarpkg:maven/org.slf4j/jcl-over-slf4j@1.7.30 033
jetty-io-8.1.10.v20130312.jarcpe:2.3:a:mortbay_jetty:jetty:8.1.10:20130312:*:*:*:*:*:*pkg:maven/org.eclipse.jetty/jetty-io@8.1.10.v20130312 0Highest35
jetty-server-8.1.10.v20130312.jarcpe:2.3:a:eclipse:jetty:8.1.10:20130312:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:8.1.10:20130312:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:8.1.10:20130312:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-server@8.1.10.v20130312CRITICAL7Highest35
jetty-util-8.1.10.v20130312.jarcpe:2.3:a:eclipse:jetty:8.1.10:20130312:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:8.1.10:20130312:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:8.1.10:20130312:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-util@8.1.10.v20130312CRITICAL5Highest35
jsoup-1.8.3.jarcpe:2.3:a:jsoup:jsoup:1.8.3:*:*:*:*:*:*:*pkg:maven/org.jsoup/jsoup@1.8.3 0Highest29
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jul-to-slf4j-1.7.30.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.30 028
logback-core-1.2.3.jarcpe:2.3:a:logback:logback:1.2.3:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.2.3 0Highest32
lombok-1.18.18.jarpkg:maven/org.projectlombok/lombok@1.18.18 024
org-openide-filesystems-RELEASE80.jarpkg:maven/org.netbeans.api/org-openide-filesystems@RELEASE80 024
org-openide-util-RELEASE80.jarpkg:maven/org.netbeans.api/org-openide-util@RELEASE80 022
org-openide-util-lookup-RELEASE80.jarpkg:maven/org.netbeans.api/org-openide-util-lookup@RELEASE80 022
slf4j-api-1.7.30.jarpkg:maven/org.slf4j/slf4j-api@1.7.30 029
spotbugs-annotations-3.1.9.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9 021
spring-core-5.3.1.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_framework:5.3.1:*:*:*:*:*:*:*
pkg:maven/org.springframework/spring-core@5.3.1 0Highest31
stylemanager-0.1b2.jarpkg:maven/com.guigarage/stylemanager@0.1b2 021

Dependencies

activation-1.1.1.jar

Description:

The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/activation/activation/1.1.1/activation-1.1.1.jar
MD5: 46a37512971d8eca81c3fcf245bf07d2
SHA1: 485de3a253e23f645037828c07f1d7f1af40763a
SHA256:ae475120e9fcd99b4b00b38329bd61cdc5eb754eee03fe66c01f50e137724f99
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

aquafx-0.2.jar

Description:

A JavaFX Skin for native Mac OS X Look and Feel

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/aquafx-project/aquafx/0.2/aquafx-0.2.jar
MD5: 16ed914fc191f632094040646957b665
SHA1: a37988cc9df2a737da4f1c9093e016eeb0ab23e3
SHA256:5eb32e91ea62764faf352121e186f895d82bdc9c75d17f3343f0c8edad39c3d2
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

aspectjrt-1.9.6.jar

Description:

The runtime needed to execute a program using AspectJ

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/aspectj/aspectjrt/1.9.6/aspectjrt-1.9.6.jar
MD5: 391f9257f19b84b45eb79a1878b9600a
SHA1: 1651849d48659e5703adc2599e694bf67b8c3fc4
SHA256:20c785678cbb4ee045914daf83da25f98a16071177dfa0e3451326723dfb4705
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

guava-14.0.1.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

    Guava has two code dependencies - javax.annotation
    per the JSR-305 spec and javax.inject per the JSR-330 spec.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/google/guava/guava/14.0.1/guava-14.0.1.jar
MD5: 58553f87d83b9f8ec74bd3529083ee2f
SHA1: 69e12f4c6aeac392555f1ea86fab82b5e5e31ad4
SHA256:d69df3331840605ef0e5fe4add60f2d28e870e3820937ea29f713d2035d9ab97
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

CVE-2018-10237  

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

it-tidalwave-html-patches-1.2-ALPHA-5.jar

Description:

Some patched classes for manipulating HTML.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-html-patches/1.2-ALPHA-5/it-tidalwave-html-patches-1.2-ALPHA-5.jar
MD5: 277f81b8c97ecfd880e9d42353c4d5a2
SHA1: d138e4caae05510bd53d2e875bb2a5a1d21f49bb
SHA256:b70317c13395a7722c2f767b2a8c95977d6411d4e1f8eef3b4b488a19cebe1f2
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-messagebus-3.2-ALPHA-1.jar

Description:

TheseFoolishThings - MessageBus

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus/3.2-ALPHA-1/it-tidalwave-messagebus-3.2-ALPHA-1.jar
MD5: 5e2b0dbac5b6fbdf1aa65933c015b809
SHA1: 749ca733394102e19dc0ceb3bc5eb3e302623c6e
SHA256:5db16ae030ebf02447a78f125a6b16d3b48272536bb6af43461d6680fb4f9a1c
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-messagebus-spring-3.2-ALPHA-1.jar

Description:

TheseFoolishThings - MessageBus (Spring)

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus-spring/3.2-ALPHA-1/it-tidalwave-messagebus-spring-3.2-ALPHA-1.jar
MD5: aac94767ef327c5b017f027f42ac3bed
SHA1: ae348f4285accea78bcda8a45d1ac52d432be08a
SHA256:dd9e46426b3d8e6268813ab851e66d011b0c2a1868edd61bea222bf0acbceaca
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-core-1.2-ALPHA-5.jar

Description:

Contains the interfaces of the Core.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core/1.2-ALPHA-5/it-tidalwave-northernwind-core-1.2-ALPHA-5.jar
MD5: a17032ce0088acc9976239f007892790
SHA1: bf85a7558132b07b6c90c600fb6c8112693025ec
SHA256:12e4fe7d964fc881fd5e96bbb66b57f6454d2c1ed82579474fe811af40b6d988
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-5.jar

Description:

The implementation of some basic filesystems.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-filesystem-basic/1.2-ALPHA-5/it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-5.jar
MD5: 3b0fa648ca9d211729724ffcfcd2b605
SHA1: 3f99c136a4262f61df7d36c39db906f73449704b
SHA256:ced8715c884275d9cff34f21284984731a192fe0b9dc5efcef88d8444e5c7cb6
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-5.jar

Description:

The default implementation of marshalling for some Core classes.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-marshalling-default/1.2-ALPHA-5/it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-5.jar
MD5: c048f14781a88bf22b46b20858c8d7ab
SHA1: f38d4e40418a19358f7a343b04a69cedffd20b9d
SHA256:d90ef01594c22d6e687e58680ce2bfd64afd39cb7864356e1d261bd08563eef5
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-model-core-stripped-1.2-ALPHA-2.jar

Description:

        This module contains a stripped subset of the default core implementation. Classes here should be probably
        put in a public *.spi package in Core.
    

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-model-core-stripped/1.2-ALPHA-2/it-tidalwave-northernwind-model-core-stripped-1.2-ALPHA-2.jar
MD5: 77f288afda17edec073c7a976680ef1b
SHA1: 133533d92d6f3b790ca6ad7cedbd8b870db4b2bc
SHA256:4d3094c1f68d3b5396bde6843041c8588c33dfb47f5392bb2153d22d5157209b
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-application-javafx-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-application-javafx/1.2-ALPHA-2/it-tidalwave-northernwind-rca-application-javafx-1.2-ALPHA-2.jar
MD5: f32eef294a9905bc193c44e927312dd1
SHA1: b0fc35ef11457dcda1709b3e233f8a4a9d526907
SHA256:6595857a9245066904260cfad511bebb76a4c680a769d68ac5ca231b71573693
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-embeddedserver-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-embeddedserver/1.2-ALPHA-2/it-tidalwave-northernwind-rca-embeddedserver-1.2-ALPHA-2.jar
MD5: 2abca127db83c5995aed130f57f2c752
SHA1: e9dfec2267649e1012c7d6c9c24488a0ebb8cf8a
SHA256:cabb8f531bc71d8ea53f6039984fd9267911b1e9226faef2bf74ee6ecc0df1c3
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-model-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-model/1.2-ALPHA-2/it-tidalwave-northernwind-rca-model-1.2-ALPHA-2.jar
MD5: b7e1d11e42a47b25d889219cadb44134
SHA1: 275985d9dad125f6523968a3c6be8d25d5ac692c
SHA256:ffc5492742518a61f74224b7bd17596c47e29fd943537957c940c7b65bfa53d5
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-ui-commons-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-commons/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-commons-1.2-ALPHA-2.jar
MD5: 279dd39bbbcedf49e5f3b26f338534ce
SHA1: 010902063a371621f84bee2acc83087ae7b30fed
SHA256:ea4f320aa3d1d86aeecab4803097dea98ff80db4bd5fac15c314feae212982b4
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-content-editor/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar
MD5: 63a054e408a3ca2caab95b0ee94a51ea
SHA1: 561be9f0dabd989b0863b4f46bb7c2f560e9ee74
SHA256:23563d03e031c327860b7bbd38739580e2cb751733f0c132845e45a4f893ca78
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: ClickHijacker.js

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-content-editor/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar/nwa/ClickHijacker.js
MD5: 0c2f4a784addad68fda6f78db9a082e1
SHA1: fc0af77d53ed16243a6b2860eb91e6b09d737be2
SHA256:15b870df6277f0ae39e999183536de6d97df06906aa225df845c124b964f1ac4
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

  • None

it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: aloha-integration.js

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-content-editor/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar/nwa/aloha-integration.js
MD5: 769e3cb2684c49f7181161e9daaac589
SHA1: 9a66dc19ea983ef3ad371d75fb13318ec38ea08d
SHA256:4cd98e45c16cb3c04b5f5a2b6bda3ecf02e09ba1554a4381e04da6852dc89837
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

  • None

it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: aloha-ui-links.js

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-content-editor/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar/nwa/aloha-2.0.0b188/aloha-ui-links.js
MD5: 04b329b29f12553006e47a36027025f1
SHA1: 1cb3d670b88a83f6bff6dd50ba4c803f2ed7ab92
SHA256:e9ceb32aa5d7e9f5a85d45bee934d69764ad4344b8f1fe76f57c5c7d104ddad0
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

  • None

it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: aloha.min.js

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-content-editor/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar/nwa/aloha-2.0.0b188/aloha.min.js
MD5: 1ed5239dfbb4087d513d2b63da73400b
SHA1: fc84f6336434a2c91bdc7b147b7011e8ebe86d5d
SHA256:570992c925a4f9a11a0673ba20880b6b79c65f851fa54926476681cc30cfecb7
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

  • None

it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: bootstrap.min.js

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-content-editor/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar/nwa/bootstrap-3.2.0/bootstrap.min.js
MD5: abda843684d022f3bc22bc83927fe05f
SHA1: 26908395e7a9a4eab607d80aa50a81d65f3017cb
SHA256:24cc29533598f962823c4229bc280487646a27a42a95257c31de1b9b18f3710f
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

CVE-2018-14040  

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1

it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar: jquery.min.js

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-content-editor/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-content-editor-1.2-ALPHA-2.jar/nwa/jquery-1.11.1/jquery.min.js
MD5: 8101d596b2b8fa35fe3a634ea342d7c3
SHA1: d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
SHA256:540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*

CVE-2020-11023  

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*

it-tidalwave-northernwind-rca-ui-content-explorer-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-content-explorer/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-content-explorer-1.2-ALPHA-2.jar
MD5: 0765759499b61e00741c6643e63c13f0
SHA1: af744b85c64dc170b3de54be94a6c645ebacb33c
SHA256:96166fe1d31e9e73bba77493cafc53ac1a4e466050dd1f746ea04fbfb3448511
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-ui-content-manager-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-content-manager/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-content-manager-1.2-ALPHA-2.jar
MD5: 91cb3f3e1770a1097c306aa72192b490
SHA1: 4bab2c06d519e03acb2caa5f371c9be740859e83
SHA256:d885aef9aedb13d3665423bb927277d6f832d14383066e56159f8a75a4b389d7
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-ui-javafx-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-javafx/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-javafx-1.2-ALPHA-2.jar
MD5: fca0d3236d3e432ccee4cec733b1e7db
SHA1: 16dca249f0b91b0585ab8d2ade12a2a124b4582c
SHA256:87fe1f6b27203203a55ede76520fd8e857a20b3b2537ed31aa6b740b704e27f1
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-ui-site-opener-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-site-opener/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-site-opener-1.2-ALPHA-2.jar
MD5: 3296ec5cf65e44979f40721b3ded702e
SHA1: 1311350c22d6edd318a7513c5dee9cf41d7bafe9
SHA256:8c63510c51a2eb7b40cd31090c9bc9ddcfbe75fa9d345bb4e8fc60f792568962
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-ui-structure-editor-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-structure-editor/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-structure-editor-1.2-ALPHA-2.jar
MD5: eede825bc0636d745e611d13585a028a
SHA1: 0441f05bed28b574c603aeef2b80233bcb44bb37
SHA256:564e95111f53e43f1d7f787c5994b657c534da674621d59ad42349450368a27f
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-northernwind-rca-ui-structure-explorer-1.2-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/rca/it-tidalwave-northernwind-rca-ui-structure-explorer/1.2-ALPHA-2/it-tidalwave-northernwind-rca-ui-structure-explorer-1.2-ALPHA-2.jar
MD5: 5b43b9cbfcbc9260650b7f2d92bbf0f8
SHA1: 97efbb0726581156b5082fff7ab226ad7ea51c18
SHA256:28638e0d72cea56d1640d888d04217e0e26fa5f2602a3e957feccdfa7f8025be
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-role-3.2-ALPHA-1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role/3.2-ALPHA-1/it-tidalwave-role-3.2-ALPHA-1.jar
MD5: 3bfaad4fddd0210a68875b8c2c172aac
SHA1: dc3b5024c9ea315429527c9813e6c4ffdeab956e
SHA256:3ea022e9ca215423c0bd3b874110c9db839defbdd0b9c938ac72897ef15ec36e
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-role-spring-3.2-ALPHA-1.jar

Description:

Specific Spring support for DCI roles

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role-spring/3.2-ALPHA-1/it-tidalwave-role-spring-3.2-ALPHA-1.jar
MD5: 4d58c00b0efb310543ae3d78ddedaf7d
SHA1: 7d2091a70559c388f71687de4ee99c6c5691e921
SHA256:e91d4c666ef4906cdac2d93d217cf7d3a095d669b6e1f5614ba754d053a16f7e
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-role-ui-javafx-1.0-ALPHA-18.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/steelblue/it-tidalwave-role-ui-javafx/1.0-ALPHA-18/it-tidalwave-role-ui-javafx-1.0-ALPHA-18.jar
MD5: 7572e7e81083b8239ad437480b75c126
SHA1: d365ac8399cc6250ab711972ce4c9a35eb9a9db4
SHA256:b67d22aeaced9a80941f484c55d17458d32a27696c38d9927f9a070e949152c4
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

it-tidalwave-util-3.2-ALPHA-1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/3.2-ALPHA-1/it-tidalwave-util-3.2-ALPHA-1.jar
MD5: 9c5e7abd349f6b1e32d09de9853c3683
SHA1: e0e4daed817fa4dbfdb6ada4c5c6939a0ff8741d
SHA256:5010cfc22b22208c81f5465c6b3a4a82432113517239cf22b42d10f67b9ed8ed
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javafx-base-11.0.1-mac.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-base/11.0.1/javafx-base-11.0.1-mac.jar
MD5: 94933060e439fba99478e14fcf2d1b02
SHA1: 2b9ca67aea06b0ea7aa0e740498fc97c822b307e
SHA256:2d8052a08fd2e5d98e1d5a16d724ea5dd02102879de20a193225f57199803983
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javafx-base-11.0.1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-base/11.0.1/javafx-base-11.0.1.jar
MD5: b85ce0631dae83fe643fbd32ccd08e4c
SHA1: f1354a284f4151d20358e776f6ff68ee35bbb96d
SHA256:c5084a74417a89c69a0c122fae96a4b70bf619fc3d6218ea102a4047ec85ad04
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javafx-controls-11.0.1-mac.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-controls/11.0.1/javafx-controls-11.0.1-mac.jar
MD5: f321c782b9bf158a630cb0a7bea73644
SHA1: 0538fd08a4ecd76788766a69c19e90b4cc0179f8
SHA256:148468742e957b765d5ac6d5ba66ce983e1acdf582c191bb35dbfe8cdefdb314
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javafx-controls-11.0.1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-controls/11.0.1/javafx-controls-11.0.1.jar
MD5: 2e18fc95e4aa7ce325cefa67b9f61f3d
SHA1: 61cf91bf3494d0616216f49c9e1d183d170adf0a
SHA256:71be28dc4d80744ba541fc50d933729e8703fe1e642ae92037f6fccc7f961971
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javafx-fxml-11.0.1-mac.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-fxml/11.0.1/javafx-fxml-11.0.1-mac.jar
MD5: a835057792b4fc1aa7d6c4bea9547add
SHA1: 352a51a0f0cb13cf83a081b5dd5526acd4fbab30
SHA256:56f9a32b3a1fc76c761bd40c16917ed1675c8d5dcbe492a44ce9ee2391e27139
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javafx-fxml-11.0.1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-fxml/11.0.1/javafx-fxml-11.0.1.jar
MD5: 6e4c64769d877a47edbdd0023d89a074
SHA1: f290c13d7e984d880c9f114f38c2da949ef18d54
SHA256:546fc449f01cd0bbe51a921f9d3f0e5d8764764480caca4a709e681e7ad0b6cf
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javafx-graphics-11.0.1-mac.jar: javafx-swt.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/11.0.1/javafx-graphics-11.0.1-mac.jar/javafx-swt.jar
MD5: ee1545edcd485b34080e9389f2f86b5e
SHA1: c12e9a9d5ad723c3e2b60651659b0290d68d9e48
SHA256:a7432e9a357e03571ded2ef3d148086b92c297605797bcb31d37eb95b4779317
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

  • None

javafx-graphics-11.0.1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/11.0.1/javafx-graphics-11.0.1.jar
MD5: ff0579b2b89bfc26f6eb73f812076a1b
SHA1: e062cb01783effc6413abbd94d1838f6b0add209
SHA256:f597c672a4337a75ba856f38cf548c524b039f452423c34b55653e56c306733d
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javafx-media-11.0.1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-media/11.0.1/javafx-media-11.0.1.jar
MD5: 3c64d2f98b177ba5e63df8f92eeac962
SHA1: fd095047b7d06f6c7b16afe8cf9dffccab5d4494
SHA256:e15b9abf2b4a339a30984d815df62ca91d04fdd77c45401cbdbbb073dfa1d924
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javafx-web-11.0.1-mac.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-web/11.0.1/javafx-web-11.0.1-mac.jar
MD5: 4f30c090ab80fc20fcc3c79bb638e14c
SHA1: 467ccc809a90d3a4f838fd7acd375a45793d617d
SHA256:6558fa96bc079758990df6102ab83652d1f197419da2a4383690df84a403ba11
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javafx-web-11.0.1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-web/11.0.1/javafx-web-11.0.1.jar
MD5: c7c3e3d5ae36020e1d98eeb176a972a0
SHA1: f9da5b47b8b4ba38933ce31af2089d9f92976785
SHA256:f70eec7835e2ce8c85fdf81ff1266fd8c1c3343d062a59ed2be041331d7518b5
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

javax.servlet-3.0.0.v201112011016.jar

Description:

    This artifact originates from the Orbit Project at Eclipse, 
    it is an osgi bundle and is signed as well.
  

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/eclipse/jetty/orbit/javax.servlet/3.0.0.v201112011016/javax.servlet-3.0.0.v201112011016.jar
MD5: f8e61ace5135ef2a775a0b80ac7012e9
SHA1: 0aaaa85845fb5c59da00193f06b8e5278d8bf3f8
SHA256:a2cc192a076d9effd10becee8aacbe157f0fe2010fd4322e58aaeff198e56dbe
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

CVE-2009-5045  

Dump Servlet information leak in jetty before 6.1.22.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2009-5046  

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

CVE-2017-7656  

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'), CWE-190 Integer Overflow or Wraparound

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-27216  

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.4)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

jaxb-api-2.2.11.jar

Description:

JAXB (JSR 222) API

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/xml/bind/jaxb-api/2.2.11/jaxb-api-2.2.11.jar
MD5: 5983d1e2ec1a9b0604575cd9e9582591
SHA1: 32274d4244967ff43e7a5d967743d94ed3d2aea7
SHA256:273d82f8653b53ad9d00ce2b2febaef357e79a273560e796ff3fcfec765f8910
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

jaxb-core-2.2.11.jar

Description:

Old JAXB Core module. Contains sources required by XJC, JXC and Runtime modules with dependencies.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/2.2.11/jaxb-core-2.2.11.jar
MD5: c5eca4e58a75eabe3379926803421bab
SHA1: c3f87d654f8d5943cd08592f3f758856544d279a
SHA256:b13da0c655a3d590a2a945553648c407e6347648c9f7a3f811b7b3a8a1974baa
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

jaxb-core-2.2.11.jar (shaded: com.sun.istack:istack-commons-runtime:2.21)

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/2.2.11/jaxb-core-2.2.11.jar/META-INF/maven/com.sun.istack/istack-commons-runtime/pom.xml
MD5: caebf95d1d57fc0321b36137e246e192
SHA1: 04c234cf684a202c5c9bb7f0a198ba97e958f8f4
SHA256:ebe7137b5fbfd050545f9a7f3f339ae55beb0b53755071b4fd62aa024c626d1c
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

jaxb-core-2.2.11.jar (shaded: org.glassfish.jaxb:txw2:2.2.11)

Description:

        TXW is a library that allows you to write XML documents.
    

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/2.2.11/jaxb-core-2.2.11.jar/META-INF/maven/org.glassfish.jaxb/txw2/pom.xml
MD5: 83d24d59202baf2810daa01739963822
SHA1: 4be03527dbf2428f7ea99fb9c2f50f089dffad5e
SHA256:8514cb724b4fca59a5cf272b632e539bd0a0f3cacf1844082d0a173a86406bd8
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

jaxb-impl-2.2.11.jar

Description:

Old JAXB Runtime module. Contains sources required for runtime processing.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-impl/2.2.11/jaxb-impl-2.2.11.jar
MD5: bea06b3ee5ef2c338beac9187b7782f3
SHA1: a49ce57aee680f9435f49ba6ef427d38c93247a6
SHA256:f91793a96f185a2fc004c86a37086f060985854ce6b19935e03c4de51e3201d2
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

jaxb-impl-2.2.11.jar (shaded: org.glassfish.jaxb:jaxb-runtime:2.2.11)

Description:

JAXB (JSR 222) Reference Implementation

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-impl/2.2.11/jaxb-impl-2.2.11.jar/META-INF/maven/org.glassfish.jaxb/jaxb-runtime/pom.xml
MD5: fa2e4dc2609e6a4d96418f4ac6519e8d
SHA1: 6a1651361e4c2392aff30da0df648187f670f8cb
SHA256:e5327b31b595ab8143e97836d5ccdf85feb91e7ff5666f7b26913632facca4aa
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

jcl-over-slf4j-1.7.30.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/jcl-over-slf4j/1.7.30/jcl-over-slf4j-1.7.30.jar
MD5: 69ad224b2feb6f86554fe8997b9c3d4b
SHA1: cd92524ea19d27e5b94ecd251e1af729cffdfe15
SHA256:71e9ee37b9e4eb7802a2acc5f41728a4cf3915e7483d798db3b4ff2ec8847c50
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

jetty-io-8.1.10.v20130312.jar

Description:

Administrative parent pom for Jetty modules

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/eclipse/jetty/jetty-io/8.1.10.v20130312/jetty-io-8.1.10.v20130312.jar
MD5: d2010c581f16b96b088fa30c2eb4a1f3
SHA1: e829c768f2b9de5d9fae3bc0aba3996bd0344f56
SHA256:24e926c7cafc6e82d1b695cef752a7264b4d7eb8473607b07bdd6efd7085b20d
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

jetty-server-8.1.10.v20130312.jar

Description:

The core jetty server artifact.

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/eclipse/jetty/jetty-server/8.1.10.v20130312/jetty-server-8.1.10.v20130312.jar
MD5: c080adaecdde7add388e4ee94dec87d2
SHA1: 13ca9587bc1645f8fac89454b15252a2ad5bdcf5
SHA256:64f86a964bae1eabc8f1c2ef98684f7f7f214307636a6b4ef9df2822a7c1d769
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

CVE-2017-7656  

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'), CWE-190 Integer Overflow or Wraparound

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2017-9735 (OSSINDEX)  

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.eclipse.jetty:jetty-server:8.1.10.v20130312:*:*:*:*:*:*:*

CVE-2019-10241 (OSSINDEX)  

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.eclipse.jetty:jetty-server:8.1.10.v20130312:*:*:*:*:*:*:*

CVE-2019-10247  

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-27216  

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.4)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

jetty-util-8.1.10.v20130312.jar

Description:

Utility classes for Jetty

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/eclipse/jetty/jetty-util/8.1.10.v20130312/jetty-util-8.1.10.v20130312.jar
MD5: 2e89314c4fc31358394ac026673ff34e
SHA1: d198a8ad8ea20b4fb74c781175c48500ec2b8b7a
SHA256:d5e51ef8f56f67e1ef85abf162a3ca4fadda81d36ad284673c0df2242dde340d
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

CVE-2017-7656  

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'), CWE-190 Integer Overflow or Wraparound

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-10247  

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-27216  

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.4)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

jsoup-1.8.3.jar

Description:

jsoup HTML parser

License:

The MIT License: http://jsoup.org/license
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/jsoup/jsoup/1.8.3/jsoup-1.8.3.jar
MD5: 80adb5b301ed840a4b6db97abc02a8b0
SHA1: 65fd012581ded67bc20945d85c32b4598c3a9cf1
SHA256:abeaf34795a4de70f72aed6de5966d2955ec7eb348eeb813324f23c999575473
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

jul-to-slf4j-1.7.30.jar

Description:

JUL to SLF4J bridge

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/jul-to-slf4j/1.7.30/jul-to-slf4j-1.7.30.jar
MD5: f2c78cb93d70dc5dea0c50f36ace09c1
SHA1: d58bebff8cbf70ff52b59208586095f467656c30
SHA256:bbcbfdaa72572255c4f85207a9bfdb24358dc993e41252331bd4d0913e4988b9
Referenced In Project/Scope:Zephyr - Installer, macOS:runtime

Identifiers

logback-core-1.2.3.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256:5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

lombok-1.18.18.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.18/lombok-1.18.18.jar
MD5: 6a157cf72924f8d135dcd6c571bf0405
SHA1: 481f5bfed3ae29f656eedfe9e98c8365b8ba5c57
SHA256:601ec46206e0f9cac2c0583b3350e79f095419c395e991c761640f929038e9cc
Referenced In Project/Scope:Zephyr - Installer, macOS:provided

Identifiers

org-openide-filesystems-RELEASE80.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/netbeans/api/org-openide-filesystems/RELEASE80/org-openide-filesystems-RELEASE80.jar
MD5: e0156cecd9b59b39d6f563147b33d06b
SHA1: 49a7350f013a9eb94e77f0d612b8e48c0b277664
SHA256:122784ee11f7ee519b4ecfa08018491d6e478604406e0213e7a72b801585d10e
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

org-openide-util-RELEASE80.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/netbeans/api/org-openide-util/RELEASE80/org-openide-util-RELEASE80.jar
MD5: d566d984d4b7141f0c1b310a9cc88989
SHA1: 93d71a0289ce4881c1a8e5bca620409f87f81287
SHA256:4bd08c136ecdf665261b893da19f2660f450c7556a17970dd161c999af779b2d
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

org-openide-util-lookup-RELEASE80.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/netbeans/api/org-openide-util-lookup/RELEASE80/org-openide-util-lookup-RELEASE80.jar
MD5: c127b6177adc1c32dcdfe83f4265cb77
SHA1: ae3673a0268f1e34fc7c1e8b56f805036de914bb
SHA256:955d96e2df1b5724624a317e910db51c3e29666b38c7c68c52ad773a294ffd47
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

slf4j-api-1.7.30.jar

Description:

The slf4j API

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar
MD5: f8be00da99bc4ab64c79ab1e2be7cb7c
SHA1: b5a4b6d16ab13e34a88fae84c35cd5d68cac922c
SHA256:cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

spotbugs-annotations-3.1.9.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/3.1.9/spotbugs-annotations-3.1.9.jar
MD5: 56a1a81d69b6a111161bbce0e6dea26a
SHA1: 2ef5127efcc1a899aab8c66d449a631c9a99c469
SHA256:68c7c46b4299e94837e236ae742f399901a950fe910fe3ca710026753b5dd2e1
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

spring-core-5.3.1.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-core/5.3.1/spring-core-5.3.1.jar
MD5: df36706fc74458c9c28e97aca7fae409
SHA1: 47af5b161749cd249fc074b4f140e011a3337efd
SHA256:6ee995055163c59703be237be59f0565acb97c9d42c5d60df2bf3a4b4c6ef6e9
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers

stylemanager-0.1b2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/guigarage/stylemanager/0.1b2/stylemanager-0.1b2.jar
MD5: 8707670cc0da217a05d389f9b13f1c81
SHA1: 0340560d989cc325967005238b935b4ed6b3be95
SHA256:958089ae38368cd84e8bce69f409601e2c240d5509739631d3ce7fe0e1d67ae9
Referenced In Project/Scope:Zephyr - Installer, macOS:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.