Details of VAR-202004-2199

ID

VAR-202004-2199

CVE

CVE-2020-11023

TITLE

Red Hat Security Advisory 2023-1044-01

Trust: 0.1

sources: PACKETSTORM: 171211

DESCRIPTION

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions 1.0.3 through 3.5.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. Description: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Security Fix(es): * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * bootstrap: XSS in the data-target attribute (CVE-2016-10735) * bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041) * sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047) * woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152) * bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331) * nodejs-moment: Regular expression denial of service (CVE-2017-18214) * wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * jettison: parser crash by stackoverflow (CVE-2022-40149) * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150) * jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693) * CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364) 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1553413 - CVE-2017-18214 nodejs-moment: Regular expression denial of service 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601616 - CVE-2018-14041 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods 2124682 - CVE-2022-3143 wildfly-elytron: possible timing attacks via use of unsafe comparator 2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data 2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow 2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability 2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update Advisory ID: RHSA-2021:1846-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1846 Issue date: 2021-05-18 CVE Names: CVE-2020-11023 ==================================================================== 1. Summary: An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 871208 - ipa sudorule-add-user should accept external users 1340463 - [RFE] Implement pam_pwquality featureset in IPA password policies 1357495 - ipa command provides stack trace when provided with single hypen commands 1484088 - [RFE]: Able to browse different links from IPA web gui in new tabs 1542737 - Incorrect certs are being updated with "ipa-certupdate" 1544379 - ipa-client-install changes system wide ssh configuration 1660877 - kinit is failing due to overflow in Root CA certificate's timestamp 1779981 - ipa-cert-fix warning message should use commercial name for the product. 1780328 - ipa-healthcheck - Mention that the default output format is JSON. 1780510 - Source 'ipahealthcheck.ipa.topology' not found is displayed when ipactl service is stopped 1780782 - ipa-cert-fix tool fails when the Dogtag CA SSL CSR is missing from CS.cfg 1784657 - Unlock user accounts after a password reset and replicate that unlock to all IdM servers 1809215 - Man page has incorrect examples; log location for healthcheck tool 1810148 - ipa-server-certinstall raises exception when installing IPA-issued web server cert 1812871 - Intermittent IdM Client Registration Failures 1824193 - Add Directory Server Healthchecks from lib389 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1851835 - [RFE] IdM short-term certificates ACME provider 1857272 - negative option for token.mechanism not working correctly 1860129 - ipa trust-add fails when FIPS enabled 1866558 - ipa-healthcheck --input-file returns 1 on exit 1872603 - KRA Transport and Storage Certificates do not renew 1875001 - It is not possible to edit KDC database when the FreeIPA server is running 1882340 - nsslapd-db-locks patching no longer works 1891056 - ipa-kdb: support subordinate/superior UPN suffixes 1891505 - ipa-healthcheck returns msg": "{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}" 1891735 - [Rebase] Rebase bind-dyndb-ldap to the recent upstream release 1891741 - [Rebase] Rebase slapi-nis to recent upstream release 1891832 - [Rebase] Rebase FreeIPA to a recent upstream release 1891850 - [Rebase] Rebase ipa-healthcheck to 0.7 upstream release 1894800 - IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing 1901068 - Traceback while doing ipa-backup 1902173 - Uninstallation of IPA server with KRA installed displays 'ERROR: subprocess.CalledProcessError:' 1902727 - ipa-acme-manage enable fails after upgrade 1903025 - test failure in test_acme.py::TestACME::test_third_party_certs 1904484 - [Rebase] Rebase opendnssec to 2.1.7 1904612 - bind-dyndb-ldap: Rebased bind modifies so versions 1905919 - ipa-server-upgrade fails with traceback "exception: KeyError: 'DOMAIN'" 1909876 - ipa uninstall fails when dns not installed 1912845 - ipa-certupdate drops profile from the caSigningCert tracking 1922955 - Resubmitting KDC cert fails with internal server error 1923900 - Samba on IdM member failure 1924026 - Fix upstream test test_trust.py::test_subordinate_suffix 1924501 - ipa-client-install: Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 7 1924812 - Fix upstream test test_smb.py::TestSMB::test_authentication_with_smb_cifs_principal_alias 1925410 - Cannot delete sudocmd with typo error e.g. "/usr/sbin/reboot." 1926699 - avc denial for gpg-agent with systemd-run 1926910 - ipa cert-remove-hold <invalid_cert_id> returns an incorrect error message 1928900 - Support new baseURL config option for ACME 1930426 - IPA krb5kdc crash possible doublefree ipadb_mspac_struct_free finish_process_as_req 1932289 - Sync ipatests from upstream to RHEL packages for FreeIPA 4.9 branch 1939371 - ipa-client-install displays false message 'sudo binary does not seem to be present on this system' 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.src.rpm custodia-0.6.0-3.module+el8.1.0+4098+f286395e.src.rpm ipa-4.9.2-3.module+el8.4.0+10412+5ecb5b37.src.rpm ipa-4.9.2-3.module+el8.4.0+10413+a92f1bfa.src.rpm ipa-healthcheck-0.7-3.module+el8.4.0+9007+5084bdd8.src.rpm ipa-healthcheck-0.7-3.module+el8.4.0+9008+94c5103b.src.rpm opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.src.rpm python-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.src.rpm python-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.src.rpm python-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.src.rpm python-qrcode-5.1-12.module+el8.1.0+4098+f286395e.src.rpm python-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.src.rpm python-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.src.rpm python-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.src.rpm pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.src.rpm pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.src.rpm slapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.src.rpm softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.src.rpm aarch64: bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.aarch64.rpm bind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.aarch64.rpm bind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.aarch64.rpm ipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm opendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm slapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.aarch64.rpm slapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.aarch64.rpm slapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.aarch64.rpm softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm softhsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm softhsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm noarch: custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm ipa-client-common-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm ipa-client-common-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm ipa-common-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm ipa-common-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm ipa-healthcheck-0.7-3.module+el8.4.0+9007+5084bdd8.noarch.rpm ipa-healthcheck-core-0.7-3.module+el8.4.0+9007+5084bdd8.noarch.rpm ipa-healthcheck-core-0.7-3.module+el8.4.0+9008+94c5103b.noarch.rpm ipa-python-compat-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm ipa-python-compat-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm ipa-selinux-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm ipa-selinux-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm ipa-server-common-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm ipa-server-dns-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm python3-ipaclient-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm python3-ipaclient-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm python3-ipalib-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm python3-ipalib-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm python3-ipaserver-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm python3-ipatests-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm python3-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch.rpm python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm python3-pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm python3-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm python3-qrcode-core-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm python3-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch.rpm ppc64le: bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.ppc64le.rpm bind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.ppc64le.rpm bind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.ppc64le.rpm ipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm opendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm slapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.ppc64le.rpm slapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.ppc64le.rpm slapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.ppc64le.rpm softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm softhsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm softhsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm s390x: bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.s390x.rpm bind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.s390x.rpm bind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.s390x.rpm ipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.s390x.rpm opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.s390x.rpm opendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.s390x.rpm slapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.s390x.rpm slapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.s390x.rpm slapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.s390x.rpm softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm softhsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm softhsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm x86_64: bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm bind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm bind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm ipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm opendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm slapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.x86_64.rpm slapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.x86_64.rpm slapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.x86_64.rpm softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm softhsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm softhsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYKPw+NzjgjWX9erEAQgLfw/9E1NpAyu3mF6dxWjh4ToapdkcAwPCcq1S 3iF/N4LrrpTfh6k+1H7OkYJ/pKp/DIbdTvJMpk7jsye7qAQZfpBxLr77zhvYFXeA 2ExnOgb/RM/6aVZ09SnlppJk10T6r+WNlmuBLFPejlX3JWTU0uvrK5LJvnlYctqF +WymKWqlVs//iumxeAcZGIuRJToBVyTMr8+pAkkpTHd+gWzwNdOnABk5etgqnHhQ NCyh4pEuYzcAE0T9TIrYAlPON9ejIVSgGLedsSWvBZln4gVcBx+L4gObnCu00Vgd fe0q6gUTonlU2yBeRNuDw41cimTxmow9A4epcmiLFY2GAwM4RuWG+i4P1lnb0wYv AxilFujIr/WPYtJIfHlFALJ2WQvjl25DHZ7IbldnhfmdS2nX6rY5P5sj/AgfNCmJ hFObeg6V6h0t2R0om0OsQqCaewx1fJoSlelvhg06WQDuZKW0lFiPeXQCVlojptTC H6iZ9/Yp1VzSwnu9u/TtYsRbZM0MSlBZrk9hXFH4H0IW4ZyWx8HABu83wLMA9+E0 FHdRhNLOeWF3aFk3QfA+LVRDLpOw5tmaMHZ1ezTsAYiBg/rzWDY0n9zLr8DJ6iKL GIDysRlAIIivbw8nVSllT1ENHAO6hjkw0Ek/Ke2C4fWPLLSshmvPRxsW3TT34MsD S706EKr7y88=PLEr -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Description: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation

Trust: 1.8

sources: NVD: CVE-2020-11023 // VULHUB: VHN-163560 // VULMON: CVE-2020-11023 // PACKETSTORM: 171211 // PACKETSTORM: 170821 // PACKETSTORM: 170817 // PACKETSTORM: 170823 // PACKETSTORM: 162651 // PACKETSTORM: 161727 // PACKETSTORM: 160548 // PACKETSTORM: 158797

AFFECTED PRODUCTS

vendor:	drupal	model:	drupal	scope:	lt	version:	8.7.14	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	lte	version:	16.4.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	19.12.4	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	storagetek tape analytics sw tool	scope:	eq	version:	2.3.1	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	eq	version:	21.1.2	Trust: 1.0
vendor:	netapp	model:	h700e	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h410s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications interactive session recorder	scope:	lte	version:	6.4	Trust: 1.0
vendor:	oracle	model:	storagetek acsls	scope:	eq	version:	8.5.1	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	eq	version:	18c	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	18.8.0	Trust: 1.0
vendor:	netapp	model:	h500e	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	lte	version:	4.3	Trust: 1.0
vendor:	oracle	model:	siebel mobile	scope:	lte	version:	20.12	Trust: 1.0
vendor:	tenable	model:	log correlation engine	scope:	lt	version:	6.0.9	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	eq	version:	19c	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	cloud insights storage workload security agent	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.8.0	Trust: 1.0
vendor:	oracle	model:	communications interactive session recorder	scope:	gte	version:	6.1	Trust: 1.0
vendor:	oracle	model:	hyperion financial reporting	scope:	eq	version:	11.1.2.4	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	lt	version:	9.2.5.0	Trust: 1.0
vendor:	netapp	model:	hci baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.7.0	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	lt	version:	3.5.0	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	lt	version:	21.1.2	Trust: 1.0
vendor:	oracle	model:	communications analytics	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	17.12.7	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	3.4	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	lte	version:	2.10.0	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	eq	version:	12.2.0.1	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	16.2.11	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	gte	version:	4.1	Trust: 1.0
vendor:	netapp	model:	oncommand system manager	scope:	gte	version:	3.0	Trust: 1.0
vendor:	oracle	model:	health sciences inform	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	gte	version:	1.0.3	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	19.12.0	Trust: 1.0
vendor:	oracle	model:	healthcare translational research	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	eq	version:	11.2.0.4	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	lt	version:	9.2.5.0	Trust: 1.0
vendor:	oracle	model:	healthcare translational research	scope:	eq	version:	3.3.1	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	18.8.9	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	business intelligence	scope:	eq	version:	5.9.0.0.0	Trust: 1.0
vendor:	oracle	model:	banking enterprise collections	scope:	gte	version:	2.7.0	Trust: 1.0
vendor:	netapp	model:	h700s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	7.0	Trust: 1.0
vendor:	oracle	model:	oss support tools	scope:	lt	version:	2.12.41	Trust: 1.0
vendor:	netapp	model:	max data	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	banking enterprise collections	scope:	lte	version:	2.8.0	Trust: 1.0
vendor:	oracle	model:	financial services revenue management and billing analytics	scope:	eq	version:	2.8	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for de nederlandsche bank	scope:	eq	version:	8.0.4	Trust: 1.0
vendor:	oracle	model:	application testing suite	scope:	eq	version:	13.3.0.1	Trust: 1.0
vendor:	netapp	model:	snapcenter server	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	netapp	model:	h500s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications services gatekeeper	scope:	eq	version:	7.0	Trust: 1.0
vendor:	netapp	model:	h300e	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services revenue management and billing analytics	scope:	eq	version:	2.7	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	healthcare translational research	scope:	eq	version:	3.3.2	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	14.1.1.0.0	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	8.8.6	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	17.12.0	Trust: 1.0
vendor:	oracle	model:	healthcare translational research	scope:	eq	version:	3.4.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	netapp	model:	h300s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	eq	version:	12.1.0.2	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	webcenter sites	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.1.3.0.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	16.2	Trust: 1.0
vendor:	netapp	model:	oncommand system manager	scope:	lte	version:	3.1.3	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	7.70	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	webcenter sites	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	application express	scope:	lt	version:	20.2	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise human capital management resources	scope:	eq	version:	9.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0

sources: NVD: CVE-2020-11023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11023
value:	MEDIUM
Trust: 1.0
security-advisories@github.com:	CVE-2020-11023
value:	MEDIUM
Trust: 1.0
VULHUB:	VHN-163560
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-11023
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-11023
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-163560
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-11023
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
security-advisories@github.com:	CVE-2020-11023
baseSeverity:	MEDIUM
baseScore:	6.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	4.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-163560 // VULMON: CVE-2020-11023 // NVD: CVE-2020-11023 // NVD: CVE-2020-11023

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.1

sources: VULHUB: VHN-163560 // NVD: CVE-2020-11023

TYPE

code execution, xss

Trust: 0.5

sources: PACKETSTORM: 171211 // PACKETSTORM: 170821 // PACKETSTORM: 170817 // PACKETSTORM: 170823 // PACKETSTORM: 161727

PATCH

title:	Red Hat: Moderate: python-XStatic-jQuery224 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205412 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204211 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203807 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4693-1 drupal7 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=978f239ce60a8a08c53eb64ba189d0f6	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205249 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Service Mesh security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203369 - Security Advisory	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1626	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1626	Trust: 0.1
title:	Red Hat: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226393 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: wordpress: WordPress 5.9.2 security and maintenance release	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e7014c0a68e8d9bc31a54125059176dc	Trust: 0.1
title:	Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203247 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-02	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202813 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204847 - Security Advisory	Trust: 0.1
title:	HP: HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03688	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=0c6e8f969487f201b1d56f59bd98f443	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=e57a04f097f54c762da82263eadc1b8a	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230556 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230554 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231043 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231044 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231049 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231045 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=22fc4d0a2671b6a2b6b740928ccb3e85	Trust: 0.1
title:	Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-10	Trust: 0.1
title:	IBM: Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=06c81cfb59e5c7353b49e490f4b9142c	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-130	Trust: 0.1
title:	IBM: Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8c22e5a481443cacfeb30c0ca6b1c6be	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0bf006d622ea4a9435b282864e760566	Trust: 0.1
title:	IBM: Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1abb4a91c60a38765126584f92f9afd0	Trust: 0.1
title:	IBM: Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=157eb1e30eb92554b7b6df9a1809e974	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c47c09015d1429df4a71453000607351	Trust: 0.1
title:	CVE-2020-11023 POC Dom XSS	url:	https://github.com/Cybernegro/CVE-2020-11023	Trust: 0.1
title:	Hacky-Holidays-2020-Writeups	url:	https://github.com/goelp14/Hacky-Holidays-2020-Writeups	Trust: 0.1
title:	https-nj.gov---CVE-2020-11023 RECOMMENDATION REFERENCES	url:	https://github.com/korestreet/https-nj.gov---CVE-2020-11023	Trust: 0.1
title:	https-nj.gov---CVE-2020-11023 RECOMMENDATION REFERENCES	url:	https://github.com/Snorlyd/https-nj.gov---CVE-2020-11023	Trust: 0.1
title:	CVE Sandbox :: jQuery	url:	https://github.com/cve-sandbox/jquery	Trust: 0.1
title:	JS_Encoder	url:	https://github.com/AssassinUKG/JS_Encoder	Trust: 0.1
title:	CVE-2020-11022 CVE-2020-11023	url:	https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023	Trust: 0.1
title:	https://github.com/DanielRuf/snyk-js-jquery-565129	url:	https://github.com/DanielRuf/snyk-js-jquery-565129	Trust: 0.1
title:	100DaysofLearning Daily Checklist - ✅	url:	https://github.com/arijitdirghanji/100DaysofLearning	Trust: 0.1
title:	XSSPlayground What is XSS?	url:	https://github.com/AssassinUKG/XSSPlayground	Trust: 0.1
title:	jQuery XSS	url:	https://github.com/EmptyHeart5292/jQuery-XSS	Trust: 0.1
title:	Strings_Attached User Experience Development Process Testing Bugs Libraries and Programs Used Deployment Credits Acknowledgements	url:	https://github.com/johnrearden/strings_attached	Trust: 0.1
title:	jQuery — New Wave JavaScript	url:	https://github.com/spurreiter/jquery	Trust: 0.1
title:	Case Study	url:	https://github.com/faizhaffizudin/Case-Study-Hamsa	Trust: 0.1
title:	Retire HTML Parser	url:	https://github.com/marksowell/retire-html-parser	Trust: 0.1
title:	https://github.com/octane23/CASE-STUDY-1	url:	https://github.com/octane23/CASE-STUDY-1	Trust: 0.1
title:	Vulnerability	url:	https://github.com/tzwlhack/Vulnerability	Trust: 0.1
title:	欢迎关注阿尔法实验室微信公众号	url:	https://github.com/alphaSeclab/sec-daily-2020	Trust: 0.1
title:	SecBooks SecBooks目录	url:	https://github.com/SexyBeast233/SecBooks	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/soosmile/POC	Trust: 0.1
title:	Github CVE Monitor	url:	https://github.com/khulnasoft-lab/awesome-security	Trust: 0.1
title:	Github CVE Monitor	url:	https://github.com/khulnasoft-labs/awesome-security	Trust: 0.1

sources: VULMON: CVE-2020-11023

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11023	Trust: 2.0
db:	PACKETSTORM	id:	162160	Trust: 1.2
db:	TENABLE	id:	TNS-2021-02	Trust: 1.2
db:	TENABLE	id:	TNS-2021-10	Trust: 1.2
db:	PACKETSTORM	id:	170823	Trust: 0.2
db:	PACKETSTORM	id:	162651	Trust: 0.2
db:	PACKETSTORM	id:	170821	Trust: 0.2
db:	PACKETSTORM	id:	161727	Trust: 0.2
db:	PACKETSTORM	id:	158797	Trust: 0.2
db:	PACKETSTORM	id:	160548	Trust: 0.2
db:	PACKETSTORM	id:	170817	Trust: 0.2
db:	PACKETSTORM	id:	171213	Trust: 0.1
db:	PACKETSTORM	id:	171214	Trust: 0.1
db:	PACKETSTORM	id:	171212	Trust: 0.1
db:	PACKETSTORM	id:	159852	Trust: 0.1
db:	PACKETSTORM	id:	160274	Trust: 0.1
db:	PACKETSTORM	id:	159275	Trust: 0.1
db:	PACKETSTORM	id:	161830	Trust: 0.1
db:	PACKETSTORM	id:	168304	Trust: 0.1
db:	PACKETSTORM	id:	170819	Trust: 0.1
db:	PACKETSTORM	id:	164887	Trust: 0.1
db:	PACKETSTORM	id:	158750	Trust: 0.1
db:	PACKETSTORM	id:	159513	Trust: 0.1
db:	PACKETSTORM	id:	158555	Trust: 0.1
db:	CNNVD	id:	CNNVD-202004-2420	Trust: 0.1
db:	VULHUB	id:	VHN-163560	Trust: 0.1
db:	ICS CERT	id:	ICSA-22-055-02	Trust: 0.1
db:	VULMON	id:	CVE-2020-11023	Trust: 0.1
db:	PACKETSTORM	id:	171211	Trust: 0.1

sources: VULHUB: VHN-163560 // VULMON: CVE-2020-11023 // PACKETSTORM: 171211 // PACKETSTORM: 170821 // PACKETSTORM: 170817 // PACKETSTORM: 170823 // PACKETSTORM: 162651 // PACKETSTORM: 161727 // PACKETSTORM: 160548 // PACKETSTORM: 158797 // NVD: CVE-2020-11023

REFERENCES

url:	https://www.debian.org/security/2020/dsa-4693	Trust: 1.3
url:	https://github.com/jquery/jquery/security/advisories/ghsa-jpcq-cgw6-v4j6	Trust: 1.2
url:	https://security.netapp.com/advisory/ntap-20200511-0006/	Trust: 1.2
url:	https://www.drupal.org/sa-core-2020-002	Trust: 1.2
url:	https://www.tenable.com/security/tns-2021-02	Trust: 1.2
url:	https://www.tenable.com/security/tns-2021-10	Trust: 1.2
url:	https://security.gentoo.org/glsa/202007-03	Trust: 1.2
url:	http://packetstormsecurity.com/files/162160/jquery-1.0.3-cross-site-scripting.html	Trust: 1.2
url:	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released	Trust: 1.2
url:	https://jquery.com/upgrade-guide/3.5/	Trust: 1.2
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.2
url:	https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html	Trust: 1.2
url:	https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/	Trust: 1.1
url:	https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3cdev.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/	Trust: 1.1
url:	https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3ccommits.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/	Trust: 1.1
url:	https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3ccommits.nifi.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3ccommits.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/ghsa-jpcq-cgw6-v4j6/ghsa-jpcq-cgw6-v4j6.json#l20-l37	Trust: 1.0
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.8
url:	https://access.redhat.com/articles/11258	Trust: 0.7
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14042	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14040	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-40150	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-40149	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-45047	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-46364	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-42004	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-45693	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-42003	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-14042	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-14040	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11358	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11358	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3143	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-9251	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14041	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40150	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-10735	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18214	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40152	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40149	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10735	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-40152	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9251	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-14041	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-8331	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-18214	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8331	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-3143	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/	Trust: 0.1
url:	https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3ccommits.felix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3cdev.felix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3cdev.felix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3cdev.felix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3cdev.felix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3cdev.felix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3cdev.felix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3cdev.felix.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3ccommits.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3cdev.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3cgitbox.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3cgitbox.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3cgitbox.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3cgitbox.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3cgitbox.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3cgitbox.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3cissues.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3cissues.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3cissues.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3cissues.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3cissues.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3cissues.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3cissues.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3cissues.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3cissues.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3cissues.hive.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3ccommits.nifi.apache.org%3e	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://github.com/cybernegro/cve-2020-11023	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-38750	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1471	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1438	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-3916	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31129	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25857	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-46175	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35065	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44906	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44906	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-0091	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24785	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-3782	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2764	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2764	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-4137	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-46363	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1471	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1044	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-0264	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-38751	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1274	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-37603	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-38749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-31129	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-35065	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1438	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25857	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24785	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1274	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:0552	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:0556	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=appplatform&version=7.4	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:0553	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1846	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.1
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5412	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9283	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8203	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8203	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12666	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3369	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12666	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 171211 // PACKETSTORM: 170821 // PACKETSTORM: 170817 // PACKETSTORM: 170823 // PACKETSTORM: 162651 // PACKETSTORM: 161727 // PACKETSTORM: 160548 // PACKETSTORM: 158797

SOURCES

db:	VULHUB	id:	VHN-163560
db:	VULMON	id:	CVE-2020-11023
db:	PACKETSTORM	id:	171211
db:	PACKETSTORM	id:	170821
db:	PACKETSTORM	id:	170817
db:	PACKETSTORM	id:	170823
db:	PACKETSTORM	id:	162651
db:	PACKETSTORM	id:	161727
db:	PACKETSTORM	id:	160548
db:	PACKETSTORM	id:	158797
db:	NVD	id:	CVE-2020-11023

LAST UPDATE DATE

2025-10-20T03:33:51.490000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-163560	date:	2023-02-03T00:00:00
db:	VULMON	id:	CVE-2020-11023	date:	2023-11-07T00:00:00
db:	NVD	id:	CVE-2020-11023	date:	2025-04-04T19:53:43.140

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-163560	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2020-11023	date:	2020-04-29T00:00:00
db:	PACKETSTORM	id:	171211	date:	2023-03-02T15:19:02
db:	PACKETSTORM	id:	170821	date:	2023-01-31T17:21:40
db:	PACKETSTORM	id:	170817	date:	2023-01-31T17:16:43
db:	PACKETSTORM	id:	170823	date:	2023-01-31T17:26:38
db:	PACKETSTORM	id:	162651	date:	2021-05-19T14:04:49
db:	PACKETSTORM	id:	161727	date:	2021-03-09T16:25:11
db:	PACKETSTORM	id:	160548	date:	2020-12-16T18:08:59
db:	PACKETSTORM	id:	158797	date:	2020-08-07T18:27:30
db:	NVD	id:	CVE-2020-11023	date:	2020-04-29T21:15:11.743