CVE-2019-3873

CVSS 6.4 (Medium)
EPSS 0.9%
CWE-79
Vexday Risk Score: 13 (Low)
SSVC decision (CISA): Track
No exploitation signal → monitor
KEV: no
Lifecycle
12 Jun 2019: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
It was found that PicketLink, as shipped with JBoss Enterprise Application Platform 7.2, would accept an xinclude parameter in SAMLResponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Affected products
Red Hat · picketlink
