CVE-2019-3873

6.4MEDIUM

Key Information:

Vendor: Red Hat
Status: Picketlink
Vendor: CVE Published:; 12 June 2019

Summary

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.

Affected Version(s)

picketlink as shipped with Jboss Enterprise Application Server 7.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873

x_refsource_CONFIRM

http://www.securityfocus.com/bid/108739

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 12, 2019
Vulnerability Reserved
Jan 3, 2019