Details of VAR-202004-2191

ID

VAR-202004-2191

CVE

CVE-2020-11022

TITLE

jQuery Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202004-2429

DESCRIPTION

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions 1.2 through 3.5.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4693-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : drupal7 CVE ID : CVE-2020-11022 CVE-2020-11023 SA-CORE-2020-003 Several vulnerabilities were discovered in Drupal, a fully-featured content management framework, which could result in an open redirect or cross-site scripting. For the oldstable distribution (stretch), these problems have been fixed in version 7.52-2+deb9u10. We recommend that you upgrade your drupal7 packages. For the detailed security status of drupal7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/drupal7 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7NhRgACgkQEMKTtsN8 TjZELQ//ao+AlYru8sTlC4Axs1r3QfXyq/FFn55C2faDkZonWP3+S4O5GjJaDwcH q9J1OBhvlkTsRkP55qGplUi9pLxs8OTdnJD5VnRXsvijVEhhZ5DOYnLJcLQ5Ggq5 Io8ImGbrGY64qItxmEXUyFfI0YrJ/s1aagUBodORaF6yeJ6DwqIxRVRBS4A3UD61 AH0u/cw69y7WHf1FLpPYAWZSZ0lzkPFxUbi8DlYzwPZApQfhOFCYoWjdziUbxZUU yZH8M0CORFG2ron8K+sbgKPpepRc6u55OxYU1WxzejJSfKKnGhhaNBrztbgomtIB pLQ+BSB2tD5iOR/QcdXgmhhTrApUSiR6dF2iPwXt1Bo2+1l2ChEVYfi1q1ggTx5O e6xulfy+3xSPI4afi4gL1KTHJkg9OZnU1pST3kSxBp/gp+/I473EYqwzhlB14msU SqNy5kId+GsYzMsvcufbOEsqR2ffAGDz9RNPF7NkfphvAT9YyaXq0kgmnxtMiac1 Um1/7oDh4dZBTzFNnvWRYWQcydgfDvEzW1TQdCd2hp8YTXjhCFNeJrxQx0O9eLxv jcWC+z0rfQeiUAk7VtqeoCDRS6deVxm1TfXXcV0vgyKGQh5/FBVo9V2L9ag/8phO 0l0TPROG766wZDooBFXNWerf85AT5zCIFopeZopPyuQNIjJA2UU= =yOQd -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8 Advisory ID: RHSA-2023:1044-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2023:1044 Issue date: 2023-03-01 CVE Names: CVE-2018-14040 CVE-2018-14042 CVE-2019-11358 CVE-2020-11022 CVE-2020-11023 CVE-2021-35065 CVE-2021-44906 CVE-2022-1274 CVE-2022-1438 CVE-2022-1471 CVE-2022-2764 CVE-2022-3782 CVE-2022-3916 CVE-2022-4137 CVE-2022-24785 CVE-2022-25857 CVE-2022-31129 CVE-2022-37603 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 CVE-2022-40149 CVE-2022-40150 CVE-2022-42003 CVE-2022-42004 CVE-2022-45047 CVE-2022-45693 CVE-2022-46175 CVE-2022-46363 CVE-2022-46364 CVE-2023-0091 CVE-2023-0264 ==================================================================== 1. Summary: New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.6 for RHEL 8 - noarch 3. Description: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * keycloak: missing email notification template allowlist (CVE-2022-1274) * keycloak: minimist: prototype pollution (CVE-2021-44906) * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764) * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857) * loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603) * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916) * keycloak: path traversal via double URL encoding (CVE-2022-3782) * snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749) * snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751) * snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750) * keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091) * keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) * keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264) * snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) * CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364) * rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693) * sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047) * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150) * jettison: parser crash by stackoverflow (CVE-2022-40149) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363) * keycloak: reflected XSS attack (CVE-2022-4137) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 2031904 - CVE-2022-1438 keycloak: XSS on impersonation under specific circumstances 2066009 - CVE-2021-44906 minimist: prototype pollution 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073157 - CVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations 2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections 2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode 2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject 2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data 2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens 2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability 2148496 - CVE-2022-4137 keycloak: reflected XSS attack 2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution 2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability 2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service 2158585 - CVE-2023-0091 keycloak: Client Registration endpoint does not check token revocation 2160585 - CVE-2023-0264 keycloak: user impersonation via stolen uuid code 6. Package List: Red Hat Single Sign-On 7.6 for RHEL 8: Source: rh-sso7-keycloak-18.0.6-1.redhat_00001.1.el8sso.src.rpm noarch: rh-sso7-keycloak-18.0.6-1.redhat_00001.1.el8sso.noarch.rpm rh-sso7-keycloak-server-18.0.6-1.redhat_00001.1.el8sso.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2021-35065 https://access.redhat.com/security/cve/CVE-2021-44906 https://access.redhat.com/security/cve/CVE-2022-1274 https://access.redhat.com/security/cve/CVE-2022-1438 https://access.redhat.com/security/cve/CVE-2022-1471 https://access.redhat.com/security/cve/CVE-2022-2764 https://access.redhat.com/security/cve/CVE-2022-3782 https://access.redhat.com/security/cve/CVE-2022-3916 https://access.redhat.com/security/cve/CVE-2022-4137 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/cve/CVE-2022-25857 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/cve/CVE-2022-37603 https://access.redhat.com/security/cve/CVE-2022-38749 https://access.redhat.com/security/cve/CVE-2022-38750 https://access.redhat.com/security/cve/CVE-2022-38751 https://access.redhat.com/security/cve/CVE-2022-40149 https://access.redhat.com/security/cve/CVE-2022-40150 https://access.redhat.com/security/cve/CVE-2022-42003 https://access.redhat.com/security/cve/CVE-2022-42004 https://access.redhat.com/security/cve/CVE-2022-45047 https://access.redhat.com/security/cve/CVE-2022-45693 https://access.redhat.com/security/cve/CVE-2022-46175 https://access.redhat.com/security/cve/CVE-2022-46363 https://access.redhat.com/security/cve/CVE-2022-46364 https://access.redhat.com/security/cve/CVE-2023-0091 https://access.redhat.com/security/cve/CVE-2023-0264 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY//tydzjgjWX9erEAQi3mRAAl2V/N7ukiujfYBfqFIxjbd79VtL9hlfD ixzJ8bB0hUusxmPINevon76ruf5k39FEAAYDnu1lNTZyY9kxJaigrx1a+EdYz6yV mSKgJ6Feg+k4WIU+lSoY5Dshvq+5KSHnc9qiJOu5wDY6TwHG70WB2DgjCwx82aKG fzAY0OBuo5gF21Nya2BQIJP8b8h3JWlLu5Mq9fZgniwzXq/O8uvyCnIKUuzMGCaN qhFNieWPO707T06X+vY0yHBRIR/D+JrKo22EtszLKOHTP6r2RNPQ4nGiLVAeqg0/ ri5BWi84o1oTBWYkl2h2lt8XKYnryb9HsZxMxHCDglY+4bcgV/owaGclLYUIMwth JFMetBihLrfQNpqkKeeCbZ7nWW2HpM/N4IBxc2cIwUiP4UAHa51WmTdHW8ERt8vF 4KuMu8IuoJdb1eY7S52Y+AFuqctbI0n0QpI00CwncJMij7YbCTWbL0tS7DLYlI9N yzYBNYDJO4PUvfZaukPDMOHsdk56VO5tD19Okk7MKYqhs59OGluOnhCPn4Bc0/Iq vkfWfgtxItk72fC6Ojnvy9lf9hLkAKuP7pb6tFkffSrKQSJXDMkO2HROqES9XGe6 S/dWJWNseuoDSJveH4ot5h8vuU0GztMKaI1lMOU6xMr7jx4cPOss8NmHHCnBaBHY n1OvFU4NzQU=chys -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. Summary: An update for jaeger, kiali, and servicemesh-grafana is now available for OpenShift Service Mesh 1.0. Description: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Security Fix(es): * nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (CVE-2019-10744) * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * grafana: information disclosure through world-readable grafana configuration files (CVE-2020-12459) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1829724 - CVE-2020-12459 grafana: information disclosure through world-readable grafana configuration files 6

Trust: 1.44

sources: NVD: CVE-2020-11022 // VULHUB: VHN-163559 // PACKETSTORM: 168835 // PACKETSTORM: 171213 // PACKETSTORM: 171211 // PACKETSTORM: 161727 // PACKETSTORM: 157905

AFFECTED PRODUCTS

vendor:	oracle	model:	jdeveloper	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	financial services data foundation	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6.0.0	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	eq	version:	19.1.0-19.1.2	Trust: 1.0
vendor:	oracle	model:	financial services market risk measurement and management	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.7.0	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk measurement and management	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	h300s	scope:	eq	version:	-	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	8.7.14	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications reconciliation framework	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	hospitality materials control	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	lte	version:	19.1.2	Trust: 1.0
vendor:	oracle	model:	financial services data governance for us regulatory reporting	scope:	lte	version:	8.0.9	Trust: 1.0
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.4.6	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications reconciliation framework	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital basic	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	enterprise session border controller	scope:	eq	version:	8.4	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services profitability management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	retail back office	scope:	eq	version:	14.0	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.8.0	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	insurance data foundation	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	20.1	Trust: 1.0
vendor:	oracle	model:	insurance allocation manager for enterprise profitability	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications reconciliation framework	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk measurement and management	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	insurance accounting analyzer	scope:	eq	version:	8.0.9	Trust: 1.0
vendor:	oracle	model:	financial services loan loss forecasting and provisioning	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services funds transfer pricing	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	insurance data foundation	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	agile product lifecycle management for process	scope:	eq	version:	6.2.0.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.58	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.2	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	gte	version:	1.2	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital basic	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services data governance for us regulatory reporting	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services profitability management	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	7.0	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	lt	version:	21.1.2	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	8.8.6	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router idih\:	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	financial services loan loss forecasting and provisioning	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	insurance insbridge rating and underwriting	scope:	gte	version:	5.0.0.0	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for european banking authority	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	netapp	model:	h300e	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.2	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	oracle	model:	siebel ui framework	scope:	eq	version:	20.8	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	14.1.1.0.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	lte	version:	20.1	Trust: 1.0
vendor:	netapp	model:	h700e	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	netapp	model:	h500s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services funds transfer pricing	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	oracle	model:	policy automation	scope:	lte	version:	12.2.20	Trust: 1.0
vendor:	netapp	model:	oncommand system manager	scope:	gte	version:	3.0	Trust: 1.0
vendor:	oracle	model:	financial services profitability management	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	financial services hedge management and ifrs valuations	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.4.0.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	gte	version:	18.1	Trust: 1.0
vendor:	oracle	model:	policy automation	scope:	gte	version:	12.2.0	Trust: 1.0
vendor:	oracle	model:	financial services asset liability management	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	communications application session controller	scope:	eq	version:	3.8m0	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital internal ratings based approach	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services market risk measurement and management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.3	Trust: 1.0
vendor:	oracle	model:	financial services hedge management and ifrs valuations	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	10.3.6.0.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital internal ratings based approach	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	7.70	Trust: 1.0
vendor:	oracle	model:	insurance insbridge rating and underwriting	scope:	eq	version:	5.6.1.0	Trust: 1.0
vendor:	oracle	model:	financial services balance sheet planning	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	financial services funds transfer pricing	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	retail returns management	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	insurance allocation manager for enterprise profitability	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	financial services asset liability management	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	insurance data foundation	scope:	eq	version:	8.0.6-8.1.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.56	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital basic	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for us federal reserve	scope:	lte	version:	8.0.9	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.57	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.2	Trust: 1.0
vendor:	oracle	model:	communications services gatekeeper	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	financial services data integration hub	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	oracle	model:	insurance insbridge rating and underwriting	scope:	lte	version:	5.6.0.0	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	eq	version:	18.2	Trust: 1.0
vendor:	oracle	model:	financial services data foundation	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	policy automation for mobile devices	scope:	lte	version:	12.2.20	Trust: 1.0
vendor:	oracle	model:	storagetek acsls	scope:	eq	version:	8.5.1	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital internal ratings based approach	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	policy automation for mobile devices	scope:	gte	version:	12.2.0	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	lt	version:	3.5.0	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0.0.0	Trust: 1.0
vendor:	netapp	model:	h500e	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h410s	scope:	eq	version:	-	Trust: 1.0
vendor:	tenable	model:	log correlation engine	scope:	lt	version:	6.0.9	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router idih\:	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	oracle	model:	financial services data integration hub	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	lte	version:	16.4.0	Trust: 1.0
vendor:	oracle	model:	financial services asset liability management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for us federal reserve	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	max data	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for european banking authority	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	11.1.1.9.0	Trust: 1.0
vendor:	oracle	model:	retail returns management	scope:	eq	version:	14.0	Trust: 1.0
vendor:	oracle	model:	financial services loan loss forecasting and provisioning	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	agile product supplier collaboration for process	scope:	eq	version:	6.2.0.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	application testing suite	scope:	eq	version:	13.3.0.1	Trust: 1.0
vendor:	oracle	model:	retail back office	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	gte	version:	19.1.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.1	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.1.3.0.0	Trust: 1.0
vendor:	oracle	model:	communications webrtc session controller	scope:	eq	version:	7.2	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	7.5.0.23.0	Trust: 1.0
vendor:	oracle	model:	financial services hedge management and ifrs valuations	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	financial services data integration hub	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	netapp	model:	h700s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk measurement and management	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	eq	version:	19.0	Trust: 1.0
vendor:	netapp	model:	oncommand system manager	scope:	lte	version:	3.1.3	Trust: 1.0

sources: NVD: CVE-2020-11022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11022
value:	MEDIUM
Trust: 1.0
security-advisories@github.com:	CVE-2020-11022
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202004-2429
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-163559
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-11022
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-163559
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-11022
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
security-advisories@github.com:	CVE-2020-11022
baseSeverity:	MEDIUM
baseScore:	6.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	4.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-163559 // CNNVD: CNNVD-202004-2429 // NVD: CVE-2020-11022 // NVD: CVE-2020-11022

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.1

sources: VULHUB: VHN-163559 // NVD: CVE-2020-11022

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2429

TYPE

xss

Trust: 0.8

sources: PACKETSTORM: 168835 // PACKETSTORM: 157905 // CNNVD: CNNVD-202004-2429

PATCH

title:

jQuery Fixes for cross-site scripting vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=117510

Trust: 0.6

sources: CNNVD: CNNVD-202004-2429

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11022	Trust: 2.2
db:	PACKETSTORM	id:	162159	Trust: 1.7
db:	TENABLE	id:	TNS-2021-02	Trust: 1.7
db:	TENABLE	id:	TNS-2020-10	Trust: 1.7
db:	TENABLE	id:	TNS-2020-11	Trust: 1.7
db:	TENABLE	id:	TNS-2021-10	Trust: 1.7
db:	PACKETSTORM	id:	161727	Trust: 0.8
db:	PACKETSTORM	id:	170823	Trust: 0.7
db:	PACKETSTORM	id:	159852	Trust: 0.7
db:	PACKETSTORM	id:	160274	Trust: 0.7
db:	PACKETSTORM	id:	170821	Trust: 0.7
db:	PACKETSTORM	id:	159275	Trust: 0.7
db:	PACKETSTORM	id:	159353	Trust: 0.7
db:	PACKETSTORM	id:	168304	Trust: 0.7
db:	PACKETSTORM	id:	158750	Trust: 0.7
db:	PACKETSTORM	id:	159513	Trust: 0.7
db:	PACKETSTORM	id:	157850	Trust: 0.7
db:	PACKETSTORM	id:	158555	Trust: 0.7
db:	CNNVD	id:	CNNVD-202004-2429	Trust: 0.7
db:	PACKETSTORM	id:	157905	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2694	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0620	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0845	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4248	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3700	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2775	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1066	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2287	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1916	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3485	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0909	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1961	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.0583	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3902	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3368	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.0585	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2515	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1880	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1863	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1519	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0824	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2375	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0465	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3255	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2966	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5150	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2525	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1804	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3875	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2660	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1925	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1512	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2660.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3028	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.1653	Trust: 0.6
db:	CS-HELP	id:	SB2022071412	Trust: 0.6
db:	CS-HELP	id:	SB2021042543	Trust: 0.6
db:	CS-HELP	id:	SB2022072094	Trust: 0.6
db:	CS-HELP	id:	SB2021101936	Trust: 0.6
db:	CS-HELP	id:	SB2022041931	Trust: 0.6
db:	CS-HELP	id:	SB2022042537	Trust: 0.6
db:	CS-HELP	id:	SB2022012403	Trust: 0.6
db:	CS-HELP	id:	SB2021072292	Trust: 0.6
db:	CS-HELP	id:	SB2022022516	Trust: 0.6
db:	CS-HELP	id:	SB2021072721	Trust: 0.6
db:	CS-HELP	id:	SB2022012754	Trust: 0.6
db:	CS-HELP	id:	SB2021042618	Trust: 0.6
db:	CS-HELP	id:	SB2021042302	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022060033	Trust: 0.6
db:	EXPLOIT-DB	id:	49766	Trust: 0.6
db:	PACKETSTORM	id:	158406	Trust: 0.6
db:	PACKETSTORM	id:	158282	Trust: 0.6
db:	LENOVO	id:	LEN-60182	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-097-01	Trust: 0.6
db:	NSFOCUS	id:	48898	Trust: 0.6
db:	PACKETSTORM	id:	171213	Trust: 0.2
db:	PACKETSTORM	id:	171214	Trust: 0.1
db:	PACKETSTORM	id:	171212	Trust: 0.1
db:	PACKETSTORM	id:	171215	Trust: 0.1
db:	PACKETSTORM	id:	159876	Trust: 0.1
db:	PACKETSTORM	id:	170819	Trust: 0.1
db:	PACKETSTORM	id:	170817	Trust: 0.1
db:	VULHUB	id:	VHN-163559	Trust: 0.1
db:	PACKETSTORM	id:	168835	Trust: 0.1
db:	PACKETSTORM	id:	171211	Trust: 0.1

sources: VULHUB: VHN-163559 // PACKETSTORM: 168835 // PACKETSTORM: 171213 // PACKETSTORM: 171211 // PACKETSTORM: 161727 // PACKETSTORM: 157905 // CNNVD: CNNVD-202004-2429 // NVD: CVE-2020-11022

REFERENCES

url:	http://packetstormsecurity.com/files/162159/jquery-1.2-cross-site-scripting.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.3
url:	https://github.com/jquery/jquery/security/advisories/ghsa-gxr4-xjj5-5px2	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20200511-0006/	Trust: 1.7
url:	https://www.drupal.org/sa-core-2020-002	Trust: 1.7
url:	https://www.tenable.com/security/tns-2020-10	Trust: 1.7
url:	https://www.tenable.com/security/tns-2020-11	Trust: 1.7
url:	https://www.tenable.com/security/tns-2021-02	Trust: 1.7
url:	https://www.tenable.com/security/tns-2021-10	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4693	Trust: 1.7
url:	https://security.gentoo.org/glsa/202007-03	Trust: 1.7
url:	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/	Trust: 1.7
url:	https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77	Trust: 1.7
url:	https://jquery.com/upgrade-guide/3.5/	Trust: 1.7
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3ccommits.airflow.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/	Trust: 1.0
url:	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html	Trust: 1.0
url:	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/	Trust: 0.7
url:	https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3ccommits.airflow.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://www.cybersecurity-help.cz/vdb/sb2022041931	Trust: 0.6
url:	https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159275/red-hat-security-advisory-2020-3807-01.html	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujul2021.html	Trust: 0.6
url:	https://www.exploit-db.com/exploits/49766	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48898	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3875/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6520510	Trust: 0.6
url:	https://packetstormsecurity.com/files/158555/gentoo-linux-security-advisory-202007-03.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072292	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2375/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1066	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5150	Trust: 0.6
url:	https://packetstormsecurity.com/files/168304/red-hat-security-advisory-2022-6393-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042543	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1804/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1925/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042302	Trust: 0.6
url:	https://packetstormsecurity.com/files/160274/red-hat-security-advisory-2020-5249-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072721	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022516	Trust: 0.6
url:	https://packetstormsecurity.com/files/157850/red-hat-security-advisory-2020-2217-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072094	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101936	Trust: 0.6
url:	https://packetstormsecurity.com/files/158406/red-hat-security-advisory-2020-2412-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2660.3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1916	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1519	Trust: 0.6
url:	https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0585	Trust: 0.6
url:	https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2660/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0583	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3255/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3485/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159513/red-hat-security-advisory-2020-4211-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4248/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2287/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2966/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157905/red-hat-security-advisory-2020-2362-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1880/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1653	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2694/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042537	Trust: 0.6
url:	https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042618	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0845	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2775/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-affect-ibm-license-metric-tool-v9/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0824	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-known-vulnerabilities-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1961/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1512	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159353/red-hat-security-advisory-2020-3936-01.html	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-60182	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3028/	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022060033	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2515	Trust: 0.6
url:	https://packetstormsecurity.com/files/158750/red-hat-security-advisory-2020-3247-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-in-ibm-security-qradar-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012754	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0465	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525182	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-jquery-vulnerabilities-cve-2020-11022-cve-2020-11023/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6490381	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1863/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-fixed-in-mobile-foundation-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3700/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071412	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0909	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3902/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2525	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0620	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012403	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3368/	Trust: 0.6
url:	https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-38750	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14042	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1471	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14040	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1438	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-3916	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-40150	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-40149	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25857	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-46175	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35065	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-45047	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-46364	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44906	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-44906	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2023-0091	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-24785	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-3782	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-42004	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-2764	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2764	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-4137	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-46363	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1471	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2023-0264	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-38751	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1274	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-37603	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-45693	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-38749	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-31129	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-35065	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-42003	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1438	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25857	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14042	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24785	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14040	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11358	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-11358	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1274	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://security-tracker.debian.org/tracker/drupal7	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2237	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1049	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2237	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31129	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1044	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.1
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2362	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10744	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12459	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7598	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12459	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10744	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7598	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1

CREDITS

Central Infosec

Trust: 0.6

sources: CNNVD: CNNVD-202004-2429

SOURCES

db:	VULHUB	id:	VHN-163559
db:	PACKETSTORM	id:	168835
db:	PACKETSTORM	id:	171213
db:	PACKETSTORM	id:	171211
db:	PACKETSTORM	id:	161727
db:	PACKETSTORM	id:	157905
db:	CNNVD	id:	CNNVD-202004-2429
db:	NVD	id:	CVE-2020-11022

LAST UPDATE DATE

2026-02-05T13:28:12.925000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-163559	date:	2022-07-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-2429	date:	2023-03-21T00:00:00
db:	NVD	id:	CVE-2020-11022	date:	2024-11-21T04:56:36.110

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-163559	date:	2020-04-29T00:00:00
db:	PACKETSTORM	id:	168835	date:	2020-05-28T19:12:00
db:	PACKETSTORM	id:	171213	date:	2023-03-02T15:19:28
db:	PACKETSTORM	id:	171211	date:	2023-03-02T15:19:02
db:	PACKETSTORM	id:	161727	date:	2021-03-09T16:25:11
db:	PACKETSTORM	id:	157905	date:	2020-06-02T22:47:18
db:	CNNVD	id:	CNNVD-202004-2429	date:	2020-04-29T00:00:00
db:	NVD	id:	CVE-2020-11022	date:	2020-04-29T22:15:11.903