CVE-2019-3872 — MEDIUM (5.4)

Vulnerability Description

It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Jboss Enterprise Application Platform	7.2.0
Redhat	Enterprise Linux	6.0
Redhat	Single Sign-On	7.0

Related Weaknesses (CWE)

CWE-79

References

http://www.securityfocus.com/bid/108732Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872Issue TrackingVendor Advisory
http://www.securityfocus.com/bid/108732Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872Issue TrackingVendor Advisory

FAQ

What is CVE-2019-3872?

CVE-2019-3872 is a vulnerability with a CVSS score of 5.4 (MEDIUM). It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious scri...

How severe is CVE-2019-3872?

CVE-2019-3872 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3872?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux, Redhat Single Sign-On.