CVE-2019-3872

Published: 12/06/2019 Updated: 09/10/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

It was found that a SAMLRequest containing a script could be processed by PicketLink versions shipped in JBoss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.

Vulnerable Product

redhat jboss_enterprise_application_platform 7.2.0

redhat single sign-on 7.0

Vendor Advisories

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.2.2 on RHEL 8 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as h ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.2.2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a secu ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.2.2 on RHEL 6 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as h ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.2.2 on RHEL 7 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as h ...
Synopsis: Moderate: Red Hat Single Sign-On 7.3.2 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerab ...