CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/May/10	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/May/11	Mailing List Patch Third Party Advisory
http://seclists.org/fulldisclosure/2019/May/13	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/03/2	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/108023	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHBA-2019:1570	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1456	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2587	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3023	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3024	Third Party Advisory
https://backdropcms.org/security/backdrop-sa-core-2019-009	Third Party Advisory
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/	Release Notes Vendor Advisory
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b	Patch Third Party Advisory
https://github.com/jquery/jquery/pull/4333	Patch Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601	Third Party Advisory
https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E	Issue Tracking
https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Apr/32	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Jun/12	Issue Tracking Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/May/18	Mailing List Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20190919-0001/	Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JQUERY-174006	Exploit Third Party Advisory
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1	Third Party Advisory
https://www.debian.org/security/2019/dsa-4434	Third Party Advisory
https://www.debian.org/security/2019/dsa-4460	Third Party Advisory
https://www.drupal.org/sa-core-2019-006	Patch Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/	Patch Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_19	Third Party Advisory
https://www.tenable.com/security/tns-2019-08	Third Party Advisory
https://www.tenable.com/security/tns-2020-02	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/May/10	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/May/11	Mailing List Patch Third Party Advisory
http://seclists.org/fulldisclosure/2019/May/13	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/03/2	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/108023	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHBA-2019:1570	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1456	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2587	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3023	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3024	Third Party Advisory
https://backdropcms.org/security/backdrop-sa-core-2019-009	Third Party Advisory
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/	Release Notes Vendor Advisory
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b	Patch Third Party Advisory
https://github.com/jquery/jquery/pull/4333	Patch Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601	Third Party Advisory
https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E	Issue Tracking
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E	Issue Tracking
https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Apr/32	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Jun/12	Issue Tracking Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/May/18	Mailing List Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20190919-0001/	Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JQUERY-174006	Exploit Third Party Advisory
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1	Third Party Advisory
https://www.debian.org/security/2019/dsa-4434	Third Party Advisory
https://www.debian.org/security/2019/dsa-4460	Third Party Advisory
https://www.drupal.org/sa-core-2019-006	Patch Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/	Patch Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_19	Third Party Advisory
https://www.tenable.com/security/tns-2019-08	Third Party Advisory
https://www.tenable.com/security/tns-2020-02	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:backdropcms:backdrop::::::::
	cpe:2.3:a:backdropcms:backdrop::::::::

Configuration 5 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:28:::::::*
	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
	cpe:2.3:o:opensuse:leap:15.1:::::::*

Configuration 7 (hide)

OR	cpe:2.3:a:netapp:oncommand_system_manager::::::::
	cpe:2.3:a:netapp:snapcenter:-:::::::*

Configuration 8 (hide)

OR	cpe:2.3:a:redhat:cloudforms:4.7:::::::*
	cpe:2.3:a:redhat:virtualization_manager:4.3:::::::*

Configuration 9 (hide)

OR	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:::::::*
	cpe:2.3:a:oracle:application_express::::::::
	cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:::::::*
	cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:::::::*
	cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.2:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.3:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:20.1:::::::*
	cpe:2.3:a:oracle:banking_enterprise_collections::::::::
	cpe:2.3:a:oracle:banking_platform::::::::
	cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:::::::*
	cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:communications_analytics:12.1.1:::::::*
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder::::::::
	cpe:2.3:a:oracle:communications_operations_monitor::::::::
	cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.0:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_asset_liability_management::::::::
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_data_foundation::::::::
cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
cpe:2.3:a:oracle:financial_services_data_integration_hub::::::::
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics::::::::
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:::::::*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery::::::::
cpe:2.3:a:oracle:financial_services_profitability_management::::::::
cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
cpe:2.3:a:oracle:financial_services_retail_customer_analytics::::::::
cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:::::::*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:::::::*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.2.2:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
cpe:2.3:a:oracle:hospitality_simphony::::::::
cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
cpe:2.3:a:oracle:insurance_data_foundation::::::::
cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:::::::*
cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:::::::*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:::::::*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:::::::*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:knowledge::::::::
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation:10.4.7:::::::*
cpe:2.3:a:oracle:policy_automation:12.1.0:::::::*
cpe:2.3:a:oracle:policy_automation:12.1.1:::::::*
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway:15.2.18:::::::*
cpe:2.3:a:oracle:primavera_unifier::::::::
cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
cpe:2.3:a:oracle:real-time_scheduler::::::::
cpe:2.3:a:oracle:rest_data_services:11.2.0.4::::-:::
cpe:2.3:a:oracle:rest_data_services:12.1.0.2::::-:::
cpe:2.3:a:oracle:rest_data_services:12.2.0.1::::-:::
cpe:2.3:a:oracle:rest_data_services:18c::::-:::
cpe:2.3:a:oracle:rest_data_services:19c::::-:::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_central_office:14.0:::::::*
cpe:2.3:a:oracle:retail_central_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_insights:15.0:::::::*
cpe:2.3:a:oracle:retail_customer_insights:16.0:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_point-of-service:14.0:::::::*
cpe:2.3:a:oracle:retail_point-of-service:14.1:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:service_bus:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:siebel_mobile_applications::::::::
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:::::::*
cpe:2.3:a:oracle:system_utilities:19.1:::::::*
cpe:2.3:a:oracle:tape_library_acsls:8.5:::::::*
cpe:2.3:a:oracle:tape_library_acsls:8.5.1:::::::*
cpe:2.3:a:oracle:transportation_management:1.4.3:::::::*
cpe:2.3:a:oracle:utilities_mobile_workforce_management::::::::
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Configuration 10 (hide)

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Configuration 11 (hide)

cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*

History

No history.

Information

Published : 2019-04-20 00:29

Updated : 2024-11-21 04:20

NVD link : CVE-2019-11358

Mitre link : CVE-2019-11358

CVE.ORG link : CVE-2019-11358

JSON object : View

Products Affected

oracle

communications_services_gatekeeper
banking_enterprise_collections
hospitality_simphony
communications_billing_and_revenue_management
insurance_data_foundation
identity_manager
retail_point-of-service
healthcare_foundation
communications_eagle_application_processor
financial_services_regulatory_reporting_for_de_nederlandsche_bank
financial_services_liquidity_risk_management
retail_customer_insights
communications_analytics
financial_services_data_foundation
hospitality_guest_access
retail_customer_management_and_segmentation_foundation
financial_services_balance_sheet_planning
retail_back_office
big_data_discovery
transportation_management
system_utilities
communications_diameter_signaling_router
financial_services_price_creation_and_discovery
financial_services_basel_regulatory_capital_basic
financial_services_regulatory_reporting_for_european_banking_authority
policy_automation_for_mobile_devices
jd_edwards_enterpriseone_tools
communications_operations_monitor
siebel_ui_framework
financial_services_hedge_management_and_ifrs_valuations
primavera_unifier
financial_services_data_integration_hub
siebel_mobile_applications
enterprise_session_border_controller
hospitality_materials_control
application_service_level_management
business_process_management_suite
webcenter_sites
communications_unified_inventory_management
jdeveloper_and_adf
knowledge
rest_data_services
financial_services_market_risk_measurement_and_management
banking_platform
weblogic_server
peoplesoft_enterprise_peopletools
insurance_accounting_analyzer
policy_automation
policy_automation_connector_for_siebel
financial_services_basel_regulatory_capital_internal_ratings_based_approach
retail_returns_management
financial_services_profitability_management
financial_services_retail_performance_analytics
jdeveloper
service_bus
fusion_middleware_mapviewer
financial_services_analytical_applications_reconciliation_framework
diagnostic_assistant
communications_element_manager
financial_services_funds_transfer_pricing
insurance_allocation_manager_for_enterprise_profitability
communications_session_route_manager
financial_services_revenue_management_and_billing
enterprise_manager_ops_center
tape_library_acsls
financial_services_data_governance_for_us_regulatory_reporting
banking_digital_experience
financial_services_enterprise_financial_performance_analytics
bi_publisher
communications_session_report_manager
communications_interactive_session_recorder
financial_services_regulatory_reporting_for_us_federal_reserve
financial_services_analytical_applications_infrastructure
real-time_scheduler
application_testing_suite
insurance_performance_insight
financial_services_loan_loss_forecasting_and_provisioning
financial_services_asset_liability_management
insurance_ifrs_17_analyzer
storagetek_tape_analytics_sw_tool
retail_central_office
utilities_mobile_workforce_management
insurance_insbridge_rating_and_underwriting
agile_product_lifecycle_management_for_process
communications_application_session_controller
financial_services_institutional_performance_analytics
application_express
healthcare_translational_research
financial_services_liquidity_risk_measurement_and_management
financial_services_retail_customer_analytics
primavera_gateway
communications_webrtc_session_controller

joomla

joomla\!

jquery

jquery

redhat

virtualization_manager
cloudforms

juniper

junos

drupal

drupal

debian

debian_linux

fedoraproject

fedora

netapp

snapcenter
oncommand_system_manager

opensuse

backports_sle
leap

backdropcms

backdrop

CWE

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2019-11358

6.1^/10

4.3^/10

Attach tags to `CVE-2019-11358`