CVE-2020-13954

{"id": "CVE-2020-13954", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-11-12T13:15:11.353", "references": [{"url": "http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2020/11/12/2", "tags": ["Mailing List", "Third Party Advisory", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec%40%3Cdev.cxf.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec%40%3Cusers.cxf.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318a580b6746aa5ef%40%3Cdev.syncope.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f%40%3Cusers.cxf.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E", "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20210513-0010/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Not Applicable", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573."}, {"lang": "es", "value": "Por defecto, Apache CXF crea una p\u00e1gina /services que contiene una lista de los nombres y direcciones de los endpoints disponibles. Esta p\u00e1gina web es vulnerable a un ataque de tipo Cross-Site Scripting (XSS) reflejado por medio de styleSheetPath, que permite a un actor malicioso inyectar javascript en la p\u00e1gina web. Esta vulnerabilidad afecta a todas las versiones de Apache CXF versiones anteriores a 3.4.1 y 3.3.8. Por favor tome en cuenta que este es un problema independiente de CVE-2019-17573"}], "lastModified": "2023-11-07T03:17:03.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B31BB62-D9E6-4D4C-80B3-DA2681089BDE", "versionEndExcluding": "3.3.8"}, {"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5737761F-C2F0-4E03-85EF-CF3F5744B594", "versionEndExcluding": "3.4.1", "versionStartIncluding": "3.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"}, {"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C0FF89C-3DC1-4FF4-9447-128028EEA80B", "versionStartIncluding": "9.6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4"}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583"}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C"}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F"}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B9763AF-282B-40C7-B35C-4CA8C22FDC76"}, {"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E819270D-AA7D-4B0E-990B-D25AB6E46FBC"}, {"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}