CVE-2019-17091

 

  • Severity Score (CVSS v3.1): 6.1
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 2
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -

* Organization's Worst-case Scenario
Timeline
  • 2019-10-02 CVE Reserved
  • 2019-10-02 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-09-25 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Eclipse | Mojarra | >= 2.3.0 < 2.3.10 | - | Affected
Oracle | Mojarra Javaserver Faces | >= 2.2.0 < 2.2.20 | - | Affected
Oracle | Application Testing Suite | 13.2.0.1 | - | Affected
Oracle | Application Testing Suite | 13.3.0.1 | - | Affected
Oracle | Banking Enterprise Product Manufacturing | 2.7.0 | - | Affected
Oracle | Banking Enterprise Product Manufacturing | 2.8.0 | - | Affected
Oracle | Communications Diameter Signaling Router | >= 8.0.0.0 <= 8.4.0.5 | - | Affected
Oracle | Communications Network Integrity | 7.3.5 | - | Affected
Oracle | Communications Network Integrity | 7.3.6 | - | Affected
Oracle | Communications Unified Inventory Management | 7.3.0 | - | Affected
Oracle | Communications Unified Inventory Management | 7.4.0 | - | Affected
Oracle | Enterprise Data Quality | 12.2.1.3.0 | - | Affected
Oracle | Health Sciences Information Manager | 3.0 | - | Affected
Oracle | Healthcare Data Repository | 7.0 | - | Affected
Oracle | Primavera P6 Enterprise Project Portfolio Management | >= 15.1.0.0 <= 15.2.18.7 | - | Affected
Oracle | Primavera P6 Enterprise Project Portfolio Management | >= 16.1.0.0 <= 16.2.19.0 | - | Affected
Oracle | Primavera P6 Enterprise Project Portfolio Management | >= 17.1.0.0 <= 17.12.15.0 | - | Affected
Oracle | Primavera P6 Enterprise Project Portfolio Management | >= 18.1.0.0 <= 18.8.15.0 | - | Affected
Oracle | Primavera P6 Enterprise Project Portfolio Management | 19.12.0.0 | - | Affected
Oracle | Rapid Planning | 12.1 | - | Affected
Oracle | Rapid Planning | 12.2 | - | Affected
Oracle | Retail Advanced Inventory Planning | 15.0 | - | Affected
Oracle | Retail Advanced Inventory Planning | 16.0 | - | Affected
Oracle | Retail Assortment Planning | 16.0.3 | - | Affected
Oracle | Retail Bulk Data Integration | 16.0.3.0 | - | Affected
Oracle | Retail Financial Integration | 15.0 | - | Affected
Oracle | Retail Financial Integration | 16.0 | - | Affected
Oracle | Retail Integration Bus | 15.0 | - | Affected
Oracle | Retail Integration Bus | 16.0 | - | Affected
Oracle | Retail Invoice Matching | 16.0 | - | Affected
Oracle | Retail Merchandising System | 16.0 | - | Affected
Oracle | Retail Service Backbone | 15.0 | - | Affected
Oracle | Retail Service Backbone | 16.0 | - | Affected
Oracle | Retail Store Inventory Management | 14.0.4 | - | Affected
Oracle | Retail Store Inventory Management | 14.1.3 | - | Affected
Oracle | Retail Store Inventory Management | 15.0.3 | - | Affected
Oracle | Retail Store Inventory Management | 16.0.3 | - | Affected
Oracle | Secure Global Desktop | 5.4 | - | Affected
Oracle | Secure Global Desktop | 5.5 | - | Affected
Oracle | Time And Labor | >= 12.2.6 <= 12.2.11 | - | Affected