CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-3873

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.3%

CVSS Severity

CVSS v3 Score 6.4

CVSS v2 Score 6.0

References

http://www.securityfocus.com/bid/108739
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873
http://www.securityfocus.com/bid/108739
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873

Products affected by CVE-2019-3873

Redhat » Jboss Enterprise Application Platform » Version: 7.2.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0
Redhat » Single Sign-On » Version: 7.0

cpe:2.3:a:redhat:single_sign-on:7.0
Redhat » Enterprise Linux » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux:6.0
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0
Redhat » Enterprise Linux » Version: 8.0

cpe:2.3:o:redhat:enterprise_linux:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-3873

Products

Pricing

Contact Us