CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   

Vulnerability Details : CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date : 2019-04-20 Last Update Date : 2022-04-06
Collapse All   Expand All   Select   Select&Copy  
Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

CVSS Score
4.3
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact None (There is no impact to the availability of the system.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s)
CWE ID 1321

- Related OVAL Definitions

Title Definition Id Class Family
RHSA-2020:3936: ipa security, bug fix, and enhancement update (Moderate) oval:com.redhat.rhsa:def:20203936 unix
RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate) oval:com.redhat.rhsa:def:20204670 unix
RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) oval:com.redhat.rhsa:def:20204847 unix
RHSA-2021:4142: pcs security, bug fix, and enhancement update (Low) oval:com.redhat.rhsa:def:20214142 unix
RHSA-2022:7343: pcs security update (Important) oval:com.redhat.rhsa:def:20227343 unix
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2019-11358

# Product Type Vendor Product Version Update Edition Language
1 Application Backdropcms Backdrop * * * * Version Details Vulnerabilities
2 OS Debian Debian Linux 8.0 * * * Version Details Vulnerabilities
3 OS Debian Debian Linux 9.0 * * * Version Details Vulnerabilities
4 Application Drupal Drupal * * * * Version Details Vulnerabilities
5 OS Fedoraproject Fedora 28 * * * Version Details Vulnerabilities
6 OS Fedoraproject Fedora 29 * * * Version Details Vulnerabilities
7 OS Fedoraproject Fedora 30 * * * Version Details Vulnerabilities
8 Application Joomla Joomla\! * * * * Version Details Vulnerabilities
9 Application Jquery Jquery * * * * Version Details Vulnerabilities
10 Application Netapp Oncommand System Manager * * * * Version Details Vulnerabilities
11 Application Netapp Snapcenter - * * * Version Details Vulnerabilities
12 Application Opensuse Backports Sle 15.0 SP1 * * Version Details Vulnerabilities
13 OS Opensuse Leap 15.1 * * * Version Details Vulnerabilities
14 Application Oracle Agile Product Lifecycle Management For Process 6.1 * * * Version Details Vulnerabilities
15 Application Oracle Agile Product Lifecycle Management For Process 6.2.0.0 * * * Version Details Vulnerabilities
16 Application Oracle Agile Product Lifecycle Management For Process 6.2.1.0 * * * Version Details Vulnerabilities
17 Application Oracle Agile Product Lifecycle Management For Process 6.2.2.0 * * * Version Details Vulnerabilities
18 Application Oracle Agile Product Lifecycle Management For Process 6.2.3.0 * * * Version Details Vulnerabilities
19 Application Oracle Application Express * * * * Version Details Vulnerabilities
20 Application Oracle Application Service Level Management 13.2.0.0 * * * Version Details Vulnerabilities
21 Application Oracle Application Service Level Management 13.3.0.0 * * * Version Details Vulnerabilities
22 Application Oracle Application Testing Suite 12.5.0.3 * * * Version Details Vulnerabilities
23 Application Oracle Application Testing Suite 13.1.0.1 * * * Version Details Vulnerabilities
24 Application Oracle Application Testing Suite 13.2 * * * Version Details Vulnerabilities
25 Application Oracle Application Testing Suite 13.2.0.1 * * * Version Details Vulnerabilities
26 Application Oracle Application Testing Suite 13.3 * * * Version Details Vulnerabilities
27 Application Oracle Application Testing Suite 13.3.0.1 * * * Version Details Vulnerabilities
28 Application Oracle Banking Digital Experience 18.1 * * * Version Details Vulnerabilities
29 Application Oracle Banking Digital Experience 18.2 * * * Version Details Vulnerabilities
30 Application Oracle Banking Digital Experience 18.3 * * * Version Details Vulnerabilities
31 Application Oracle Banking Digital Experience 19.1 * * * Version Details Vulnerabilities
32 Application Oracle Banking Digital Experience 19.2 * * * Version Details Vulnerabilities
33 Application Oracle Banking Digital Experience 20.1 * * * Version Details Vulnerabilities
34 Application Oracle Banking Enterprise Collections * * * * Version Details Vulnerabilities
35 Application Oracle Banking Platform * * * * Version Details Vulnerabilities
36 Application Oracle Bi Publisher 5.5.0.0.0 * * * Version Details Vulnerabilities
37 Application Oracle Bi Publisher 12.2.1.3.0 * * * Version Details Vulnerabilities
38 Application Oracle Bi Publisher 12.2.1.4.0 * * * Version Details Vulnerabilities
39 Application Oracle Big Data Discovery 1.6 * * * Version Details Vulnerabilities
40 Application Oracle Business Process Management Suite 12.2.1.3.0 * * * Version Details Vulnerabilities
41 Application Oracle Business Process Management Suite 12.2.1.4.0 * * * Version Details Vulnerabilities
42 Application Oracle Communications Analytics 12.1.1 * * * Version Details Vulnerabilities
43 Application Oracle Communications Application Session Controller 3.8m0 * * * Version Details Vulnerabilities
44 Application Oracle Communications Billing And Revenue Management 7.5 * * * Version Details Vulnerabilities
45 Application Oracle Communications Billing And Revenue Management 7.5.0.23.0 * * * Version Details Vulnerabilities
46 Application Oracle Communications Billing And Revenue Management 12.0 * * * Version Details Vulnerabilities
47 Application Oracle Communications Billing And Revenue Management 12.0.0.3.0 * * * Version Details Vulnerabilities
48 Application Oracle Communications Diameter Signaling Router 8.0.0 * * * Version Details Vulnerabilities
49 Application Oracle Communications Diameter Signaling Router 8.1 * * * Version Details Vulnerabilities
50 Application Oracle Communications Diameter Signaling Router 8.2 * * * Version Details Vulnerabilities
51 Application Oracle Communications Diameter Signaling Router 8.2.1 * * * Version Details Vulnerabilities
52 Application Oracle Communications Eagle Application Processor * * * * Version Details Vulnerabilities
53 Application Oracle Communications Element Manager 8.1.1 * * * Version Details Vulnerabilities
54 Application Oracle Communications Element Manager 8.2.0 * * * Version Details Vulnerabilities
55 Application Oracle Communications Element Manager 8.2.1 * * * Version Details Vulnerabilities
56 Application Oracle Communications Interactive Session Recorder * * * * Version Details Vulnerabilities
57 Application Oracle Communications Operations Monitor * * * * Version Details Vulnerabilities
58 Application Oracle Communications Operations Monitor 3.4 * * * Version Details Vulnerabilities
59 Application Oracle Communications Operations Monitor 4.0 * * * Version Details Vulnerabilities
60 Application Oracle Communications Operations Monitor 4.1.0 * * * Version Details Vulnerabilities
61 Application Oracle Communications Services Gatekeeper 7.0 * * * Version Details Vulnerabilities
62 Application Oracle Communications Session Report Manager 8.1.1 * * * Version Details Vulnerabilities
63 Application Oracle Communications Session Report Manager 8.2.0 * * * Version Details Vulnerabilities
64 Application Oracle Communications Session Report Manager 8.2.1 * * * Version Details Vulnerabilities
65 Application Oracle Communications Session Route Manager 8.1.1 * * * Version Details Vulnerabilities
66 Application Oracle Communications Session Route Manager 8.2.0 * * * Version Details Vulnerabilities
67 Application Oracle Communications Session Route Manager 8.2.1 * * * Version Details Vulnerabilities
68 Application Oracle Communications Unified Inventory Management 7.3 * * * Version Details Vulnerabilities
69 Application Oracle Communications Unified Inventory Management 7.4.0 * * * Version Details Vulnerabilities
70 Application Oracle Communications Webrtc Session Controller 7.2 * * * Version Details Vulnerabilities
71 Application Oracle Diagnostic Assistant 2.12.36 * * * Version Details Vulnerabilities
72 Application Oracle Enterprise Manager Ops Center 12.3.3 * * * Version Details Vulnerabilities
73 Application Oracle Enterprise Manager Ops Center 12.4.0 * * * Version Details Vulnerabilities
74 Application Oracle Enterprise Manager Ops Center 12.4.0.0 * * * Version Details Vulnerabilities
75 Application Oracle Enterprise Session Border Controller 8.4 * * * Version Details Vulnerabilities
76 Application Oracle Financial Services Analytical Applications Infrastructure * * * * Version Details Vulnerabilities
77 Application Oracle Financial Services Analytical Applications Reconciliation Framework * * * * Version Details Vulnerabilities
78 Application Oracle Financial Services Analytical Applications Reconciliation Framework 8.1.0 * * * Version Details Vulnerabilities
79 Application Oracle Financial Services Asset Liability Management * * * * Version Details Vulnerabilities
80 Application Oracle Financial Services Asset Liability Management 8.1.0 * * * Version Details Vulnerabilities
81 Application Oracle Financial Services Balance Sheet Planning 8.0.8 * * * Version Details Vulnerabilities
82 Application Oracle Financial Services Basel Regulatory Capital Basic * * * * Version Details Vulnerabilities
83 Application Oracle Financial Services Basel Regulatory Capital Basic 8.1.0 * * * Version Details Vulnerabilities
84 Application Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach * * * * Version Details Vulnerabilities
85 Application Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach 8.1.0 * * * Version Details Vulnerabilities
86 Application Oracle Financial Services Data Foundation * * * * Version Details Vulnerabilities
87 Application Oracle Financial Services Data Governance For Us Regulatory Reporting * * * * Version Details Vulnerabilities
88 Application Oracle Financial Services Data Integration Hub * * * * Version Details Vulnerabilities
89 Application Oracle Financial Services Data Integration Hub 8.1.0 * * * Version Details Vulnerabilities
90 Application Oracle Financial Services Enterprise Financial Performance Analytics 8.0.6 * * * Version Details Vulnerabilities
91 Application Oracle Financial Services Enterprise Financial Performance Analytics 8.0.7 * * * Version Details Vulnerabilities
92 Application Oracle Financial Services Funds Transfer Pricing * * * * Version Details Vulnerabilities
93 Application Oracle Financial Services Funds Transfer Pricing 8.1.0 * * * Version Details Vulnerabilities
94 Application Oracle Financial Services Hedge Management And Ifrs Valuations * * * * Version Details Vulnerabilities
95 Application Oracle Financial Services Hedge Management And Ifrs Valuations 8.1.0 * * * Version Details Vulnerabilities
96 Application Oracle Financial Services Institutional Performance Analytics * * * * Version Details Vulnerabilities
97 Application Oracle Financial Services Institutional Performance Analytics 8.1.0 * * * Version Details Vulnerabilities
98 Application Oracle Financial Services Liquidity Risk Management 8.0.0.1.0 * * * Version Details Vulnerabilities
99 Application Oracle Financial Services Liquidity Risk Management 8.0.2 * * * Version Details Vulnerabilities
100 Application Oracle Financial Services Liquidity Risk Management 8.0.4.0.0 * * * Version Details Vulnerabilities
101 Application Oracle Financial Services Liquidity Risk Management 8.0.5.0.0 * * * Version Details Vulnerabilities
102 Application Oracle Financial Services Liquidity Risk Management 8.0.6 * * * Version Details Vulnerabilities
103 Application Oracle Financial Services Liquidity Risk Measurement And Management 8.0.7 * * * Version Details Vulnerabilities
104 Application Oracle Financial Services Liquidity Risk Measurement And Management 8.0.8 * * * Version Details Vulnerabilities
105 Application Oracle Financial Services Liquidity Risk Measurement And Management 8.1.0 * * * Version Details Vulnerabilities
106 Application Oracle Financial Services Loan Loss Forecasting And Provisioning * * * * Version Details Vulnerabilities
107 Application Oracle Financial Services Loan Loss Forecasting And Provisioning 8.1.0 * * * Version Details Vulnerabilities
108 Application Oracle Financial Services Market Risk Measurement And Management 8.0.5 * * * Version Details Vulnerabilities
109 Application Oracle Financial Services Market Risk Measurement And Management 8.0.6 * * * Version Details Vulnerabilities
110 Application Oracle Financial Services Market Risk Measurement And Management 8.0.8 * * * Version Details Vulnerabilities
111 Application Oracle Financial Services Price Creation And Discovery * * * * Version Details Vulnerabilities
112 Application Oracle Financial Services Profitability Management * * * * Version Details Vulnerabilities
113 Application Oracle Financial Services Profitability Management 8.1.0 * * * Version Details Vulnerabilities
114 Application Oracle Financial Services Regulatory Reporting For De Nederlandsche Bank 8.0.4 * * * Version Details Vulnerabilities
115 Application Oracle Financial Services Regulatory Reporting For European Banking Authority 8.0.6 * * * Version Details Vulnerabilities
116 Application Oracle Financial Services Regulatory Reporting For European Banking Authority 8.0.7 * * * Version Details Vulnerabilities
117 Application Oracle Financial Services Regulatory Reporting For Us Federal Reserve * * * * Version Details Vulnerabilities
118 Application Oracle Financial Services Retail Customer Analytics * * * * Version Details Vulnerabilities
119 Application Oracle Financial Services Retail Performance Analytics 8.0.6 * * * Version Details Vulnerabilities
120 Application Oracle Financial Services Retail Performance Analytics 8.0.7 * * * Version Details Vulnerabilities
121 Application Oracle Financial Services Revenue Management And Billing 2.4.0.0 * * * Version Details Vulnerabilities
122 Application Oracle Financial Services Revenue Management And Billing 2.4.0.1 * * * Version Details Vulnerabilities
123 Application Oracle Fusion Middleware Mapviewer 12.2.1.3.0 * * * Version Details Vulnerabilities
124 Application Oracle Healthcare Foundation 7.1.1 * * * Version Details Vulnerabilities
125 Application Oracle Healthcare Foundation 7.2.0 * * * Version Details Vulnerabilities
126 Application Oracle Healthcare Foundation 7.2.2 * * * Version Details Vulnerabilities
127 Application Oracle Healthcare Foundation 7.3.0 * * * Version Details Vulnerabilities
128 Application Oracle Healthcare Translational Research 3.1.0 * * * Version Details Vulnerabilities
129 Application Oracle Healthcare Translational Research 3.2.1 * * * Version Details Vulnerabilities
130 Application Oracle Healthcare Translational Research 3.3.1 * * * Version Details Vulnerabilities
131 Application Oracle Healthcare Translational Research 3.3.2 * * * Version Details Vulnerabilities
132 Application Oracle Healthcare Translational Research 3.4.0 * * * Version Details Vulnerabilities
133 Application Oracle Hospitality Guest Access 4.2.0 * * * Version Details Vulnerabilities
134 Application Oracle Hospitality Guest Access 4.2.1 * * * Version Details Vulnerabilities
135 Application Oracle Hospitality Materials Control 18.1 * * * Version Details Vulnerabilities
136 Application Oracle Hospitality Simphony * * * * Version Details Vulnerabilities
137 Application Oracle Hospitality Simphony 18.1 * * * Version Details Vulnerabilities
138 Application Oracle Hospitality Simphony 18.2 * * * Version Details Vulnerabilities
139 Application Oracle Identity Manager 12.2.1.3.0 * * * Version Details Vulnerabilities
140 Application Oracle Insurance Accounting Analyzer 8.0.9 * * * Version Details Vulnerabilities
141 Application Oracle Insurance Allocation Manager For Enterprise Profitability 8.0.8 * * * Version Details Vulnerabilities
142 Application Oracle Insurance Allocation Manager For Enterprise Profitability 8.1.0 * * * Version Details Vulnerabilities
143 Application Oracle Insurance Data Foundation * * * * Version Details Vulnerabilities
144 Application Oracle Insurance Ifrs 17 Analyzer 8.0.6 * * * Version Details Vulnerabilities
145 Application Oracle Insurance Ifrs 17 Analyzer 8.0.7 * * * Version Details Vulnerabilities
146 Application Oracle Insurance Insbridge Rating And Underwriting * * * * Version Details Vulnerabilities
147 Application Oracle Insurance Insbridge Rating And Underwriting 5.6.1.0 * * * Version Details Vulnerabilities
148 Application Oracle Insurance Performance Insight 8.0.7 * * * Version Details Vulnerabilities
149 Application Oracle Jd Edwards Enterpriseone Tools 9.2 * * * Version Details Vulnerabilities
150 Application Oracle Jdeveloper 11.1.1.9.0 * * * Version Details Vulnerabilities
151 Application Oracle Jdeveloper 12.2.1.3.0 * * * Version Details Vulnerabilities
152 Application Oracle Jdeveloper 12.2.1.4.0 * * * Version Details Vulnerabilities
153 Application Oracle Jdeveloper And Adf 11.1.1.9.0 * * * Version Details Vulnerabilities
154 Application Oracle Jdeveloper And Adf 12.1.3.0.0 * * * Version Details Vulnerabilities
155 Application Oracle Jdeveloper And Adf 12.2.1.3.0 * * * Version Details Vulnerabilities
156 Application Oracle Knowledge * * * * Version Details Vulnerabilities
157 Application Oracle Peoplesoft Enterprise Peopletools 8.55 * * * Version Details Vulnerabilities
158 Application Oracle Peoplesoft Enterprise Peopletools 8.56 * * * Version Details Vulnerabilities
159 Application Oracle Peoplesoft Enterprise Peopletools 8.57 * * * Version Details Vulnerabilities
160 Application Oracle Peoplesoft Enterprise Peopletools 8.58 * * * Version Details Vulnerabilities
161 Application Oracle Policy Automation * * * * Version Details Vulnerabilities
162 Application Oracle Policy Automation 10.4.7 * * * Version Details Vulnerabilities
163 Application Oracle Policy Automation 12.1.0 * * * Version Details Vulnerabilities
164 Application Oracle Policy Automation 12.1.1 * * * Version Details Vulnerabilities
165 Application Oracle Policy Automation Connector For Siebel 10.4.6 * * * Version Details Vulnerabilities
166 Application Oracle Policy Automation For Mobile Devices * * * * Version Details Vulnerabilities
167 Application Oracle Primavera Gateway * * * * Version Details Vulnerabilities
168 Application Oracle Primavera Gateway 15.2.18 * * * Version Details Vulnerabilities
169 Application Oracle Primavera Unifier * * * * Version Details Vulnerabilities
170 Application Oracle Primavera Unifier 16.1 * * * Version Details Vulnerabilities
171 Application Oracle Primavera Unifier 16.2 * * * Version Details Vulnerabilities
172 Application Oracle Primavera Unifier 18.8 * * * Version Details Vulnerabilities
173 Application Oracle Real-time Scheduler * * * * Version Details Vulnerabilities
174 Application Oracle Rest Data Services 11.2.0.4 * * * Version Details Vulnerabilities
175 Application Oracle Rest Data Services 12.1.0.2 * * * Version Details Vulnerabilities
176 Application Oracle Rest Data Services 12.2.0.1 * * * Version Details Vulnerabilities
177 Application Oracle Rest Data Services 18C * * * Version Details Vulnerabilities
178 Application Oracle Rest Data Services 19C * * * Version Details Vulnerabilities
179 Application Oracle Retail Back Office 14.0 * * * Version Details Vulnerabilities
180 Application Oracle Retail Back Office 14.1 * * * Version Details Vulnerabilities
181 Application Oracle Retail Central Office 14.0 * * * Version Details Vulnerabilities
182 Application Oracle Retail Central Office 14.1 * * * Version Details Vulnerabilities
183 Application Oracle Retail Customer Insights 15.0 * * * Version Details Vulnerabilities
184 Application Oracle Retail Customer Insights 16.0 * * * Version Details Vulnerabilities
185 Application Oracle Retail Customer Management And Segmentation Foundation 18.0 * * * Version Details Vulnerabilities
186 Application Oracle Retail Customer Management And Segmentation Foundation 19.0 * * * Version Details Vulnerabilities
187 Application Oracle Retail Point-of-service 14.0 * * * Version Details Vulnerabilities
188 Application Oracle Retail Point-of-service 14.1 * * * Version Details Vulnerabilities
189 Application Oracle Retail Returns Management 14.0 * * * Version Details Vulnerabilities
190 Application Oracle Retail Returns Management 14.1 * * * Version Details Vulnerabilities
191 Application Oracle Service Bus 11.1.1.9.0 * * * Version Details Vulnerabilities
192 Application Oracle Service Bus 12.1.3.0.0 * * * Version Details Vulnerabilities
193 Application Oracle Service Bus 12.2.1.3.0 * * * Version Details Vulnerabilities
194 Application Oracle Siebel Mobile Applications * * * * Version Details Vulnerabilities
195 Application Oracle Siebel Ui Framework 20.8 * * * Version Details Vulnerabilities
196 Application Oracle Storagetek Tape Analytics Sw Tool 2.3.0 * * * Version Details Vulnerabilities
197 Application Oracle System Utilities 19.1 * * * Version Details Vulnerabilities
198 Application Oracle Tape Library Acsls 8.5 * * * Version Details Vulnerabilities
199 Application Oracle Tape Library Acsls 8.5.1 * * * Version Details Vulnerabilities
200 Application Oracle Transportation Management 1.4.3 * * * Version Details Vulnerabilities
201 Application Oracle Utilities Mobile Workforce Management * * * * Version Details Vulnerabilities
202 Application Oracle Webcenter Sites 12.2.1.3.0 * * * Version Details Vulnerabilities
203 Application Oracle Weblogic Server 10.3.6.0.0 * * * Version Details Vulnerabilities
204 Application Oracle Weblogic Server 12.1.3.0.0 * * * Version Details Vulnerabilities
205 Application Oracle Weblogic Server 12.2.1.3.0 * * * Version Details Vulnerabilities
206 Application Oracle Weblogic Server 12.2.1.4.0 * * * Version Details Vulnerabilities
207 Application Oracle Weblogic Server 14.1.1.0.0 * * * Version Details Vulnerabilities
208 Application Redhat Cloudforms 4.7 * * * Version Details Vulnerabilities
209 Application Redhat Virtualization Manager 4.3 * * * Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Backdropcms Backdrop 1
Debian Debian Linux 2
Drupal Drupal 1
Fedoraproject Fedora 3
Joomla Joomla\! 1
Jquery Jquery 1
Netapp Oncommand System Manager 1
Netapp Snapcenter 1
Opensuse Backports Sle 1
Opensuse Leap 1
Oracle Agile Product Lifecycle Management For Process 5
Oracle Application Express 1
Oracle Application Service Level Management 2
Oracle Application Testing Suite 6
Oracle Banking Digital Experience 6
Oracle Banking Enterprise Collections 1
Oracle Banking Platform 1
Oracle Bi Publisher 3
Oracle Big Data Discovery 1
Oracle Business Process Management Suite 2
Oracle Communications Analytics 1
Oracle Communications Application Session Controller 1
Oracle Communications Billing And Revenue Management 4
Oracle Communications Diameter Signaling Router 4
Oracle Communications Eagle Application Processor 1
Oracle Communications Element Manager 3
Oracle Communications Interactive Session Recorder 1
Oracle Communications Operations Monitor 4
Oracle Communications Services Gatekeeper 1
Oracle Communications Session Report Manager 3
Oracle Communications Session Route Manager 3
Oracle Communications Unified Inventory Management 2
Oracle Communications Webrtc Session Controller 1
Oracle Diagnostic Assistant 1
Oracle Enterprise Manager Ops Center 3
Oracle Enterprise Session Border Controller 1
Oracle Financial Services Analytical Applications Infrastructure 1
Oracle Financial Services Analytical Applications Reconciliation Framework 2
Oracle Financial Services Asset Liability Management 2
Oracle Financial Services Balance Sheet Planning 1
Oracle Financial Services Basel Regulatory Capital Basic 2
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach 2
Oracle Financial Services Data Foundation 1
Oracle Financial Services Data Governance For Us Regulatory Reporting 1
Oracle Financial Services Data Integration Hub 2
Oracle Financial Services Enterprise Financial Performance Analytics 2
Oracle Financial Services Funds Transfer Pricing 2
Oracle Financial Services Hedge Management And Ifrs Valuations 2
Oracle Financial Services Institutional Performance Analytics 2
Oracle Financial Services Liquidity Risk Management 5
Oracle Financial Services Liquidity Risk Measurement And Management 3
Oracle Financial Services Loan Loss Forecasting And Provisioning 2
Oracle Financial Services Market Risk Measurement And Management 3
Oracle Financial Services Price Creation And Discovery 1
Oracle Financial Services Profitability Management 2
Oracle Financial Services Regulatory Reporting For De Nederlandsche Bank 1
Oracle Financial Services Regulatory Reporting For European Banking Authority 2
Oracle Financial Services Regulatory Reporting For Us Federal Reserve 1
Oracle Financial Services Retail Customer Analytics 1
Oracle Financial Services Retail Performance Analytics 2
Oracle Financial Services Revenue Management And Billing 2
Oracle Fusion Middleware Mapviewer 1
Oracle Healthcare Foundation 4
Oracle Healthcare Translational Research 5
Oracle Hospitality Guest Access 2
Oracle Hospitality Materials Control 1
Oracle Hospitality Simphony 3
Oracle Identity Manager 1
Oracle Insurance Accounting Analyzer 1
Oracle Insurance Allocation Manager For Enterprise Profitability 2
Oracle Insurance Data Foundation 1
Oracle Insurance Ifrs 17 Analyzer 2
Oracle Insurance Insbridge Rating And Underwriting 2
Oracle Insurance Performance Insight 1
Oracle Jd Edwards Enterpriseone Tools 1
Oracle Jdeveloper 3
Oracle Jdeveloper And Adf 3
Oracle Knowledge 1
Oracle Peoplesoft Enterprise Peopletools 4
Oracle Policy Automation 4
Oracle Policy Automation Connector For Siebel 1
Oracle Policy Automation For Mobile Devices 1
Oracle Primavera Gateway 2
Oracle Primavera Unifier 4
Oracle Real-time Scheduler 1
Oracle Rest Data Services 5
Oracle Retail Back Office 2
Oracle Retail Central Office 2
Oracle Retail Customer Insights 2
Oracle Retail Customer Management And Segmentation Foundation 2
Oracle Retail Point-of-service 2
Oracle Retail Returns Management 2
Oracle Service Bus 3
Oracle Siebel Mobile Applications 1
Oracle Siebel Ui Framework 1
Oracle Storagetek Tape Analytics Sw Tool 1
Oracle System Utilities 1
Oracle Tape Library Acsls 2
Oracle Transportation Management 1
Oracle Utilities Mobile Workforce Management 1
Oracle Webcenter Sites 1
Oracle Weblogic Server 5
Redhat Cloudforms 1
Redhat Virtualization Manager 1

- References For CVE-2019-11358

https://lists.apache.org/thread.html/[email protected]%3Cdev.storm.apache.org%3E
MLIST [storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
https://www.debian.org/security/2019/dsa-4434
DEBIAN DSA-4434
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 CONFIRM
https://www.tenable.com/security/tns-2020-02 CONFIRM
https://www.oracle.com/security-alerts/cpuapr2020.html
N/A N/A
https://lists.apache.org/thread.html/[email protected]%3Cdev.syncope.apache.org%3E
MLIST [syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
MLIST [flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery
https://lists.apache.org/thread.html/[email protected]%3Ccommits.airflow.apache.org%3E
MLIST [airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358
https://www.oracle.com/security-alerts/cpujul2020.html
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://seclists.org/bugtraq/2019/Apr/32
BUGTRAQ 20190421 [SECURITY] [DSA 4434-1] drupal7 security update
https://lists.apache.org/thread.html/[email protected]%3Ccommits.nifi.apache.org%3E
MLIST [nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
MLIST [flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery
https://lists.apache.org/thread.html/[email protected]%3Ccommits.nifi.apache.org%3E
MLIST [nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html
https://lists.apache.org/thread.html/[email protected]%3Ccommits.airflow.apache.org%3E
MLIST [airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E
MLIST [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E
MLIST [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
https://lists.apache.org/thread.html/[email protected]%3Cissues.drill.apache.org%3E
MLIST [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
https://www.synology.com/security/advisory/Synology_SA_19_19 CONFIRM
https://access.redhat.com/errata/RHSA-2019:3023
REDHAT RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2019:3024
REDHAT RHSA-2019:3024
https://security.netapp.com/advisory/ntap-20190919-0001/ CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
SUSE openSUSE-SU-2019:1872
https://lists.apache.org/thread.html/[email protected]%3Ccommits.roller.apache.org%3E
MLIST [roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js
https://access.redhat.com/errata/RHSA-2019:2587
REDHAT RHSA-2019:2587
https://access.redhat.com/errata/RHSA-2019:1456
REDHAT RHSA-2019:1456
https://www.debian.org/security/2019/dsa-4460
DEBIAN DSA-4460
https://seclists.org/bugtraq/2019/Jun/12
BUGTRAQ 20190612 [SECURITY] [DSA 4460-1] mediawiki security update
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
SUSE openSUSE-SU-2019:1839
https://access.redhat.com/errata/RHBA-2019:1570
REDHAT RHBA-2019:1570
http://seclists.org/fulldisclosure/2019/May/10
FULLDISC 20190510 dotCMS v5.1.1 Vulnerabilities
https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
MLIST [debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update
http://www.openwall.com/lists/oss-security/2019/06/03/2
MLIST [oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
http://seclists.org/fulldisclosure/2019/May/13
FULLDISC 20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability
http://seclists.org/fulldisclosure/2019/May/11
FULLDISC 20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
https://seclists.org/bugtraq/2019/May/18
BUGTRAQ 20190509 dotCMS v5.1.1 Vulnerabilities
https://lists.fedoraproject.org/archives/list/[email protected]/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
FEDORA FEDORA-2019-a06dffab1c
https://lists.fedoraproject.org/archives/list/[email protected]/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
FEDORA FEDORA-2019-f563e66380
https://lists.fedoraproject.org/archives/list/[email protected]/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
FEDORA FEDORA-2019-2a0ce0c58c
https://lists.fedoraproject.org/archives/list/[email protected]/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
FEDORA FEDORA-2019-7eaf0bbe7c
https://lists.fedoraproject.org/archives/list/[email protected]/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
FEDORA FEDORA-2019-1a3edd7e8a
https://lists.fedoraproject.org/archives/list/[email protected]/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
FEDORA FEDORA-2019-eba8e44ee6
https://lists.apache.org/thread.html/[email protected]%3Ccommits.airflow.apache.org%3E
MLIST [airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358
https://lists.apache.org/thread.html/[email protected]%3Ccommits.airflow.apache.org%3E
MLIST [airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
MLIST [flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
MLIST [debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update
https://lists.apache.org/thread.html/[email protected]%3Ccommits.airflow.apache.org%3E
MLIST [airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
MLIST [flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery
https://www.tenable.com/security/tns-2019-08 CONFIRM
https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
MLIST [debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update
https://backdropcms.org/security/backdrop-sa-core-2019-009
http://www.securityfocus.com/bid/108023
BID 108023 JQuery CVE-2019-11358 Cross Site Scripting Vulnerability Release Date:2019-07-17
https://lists.apache.org/thread.html/[email protected]%3Cdev.flink.apache.org%3E
MLIST [flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://github.com/jquery/jquery/pull/4333
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
MLIST [flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery
https://www.oracle.com//security-alerts/cpujul2021.html
N/A N/A
https://www.drupal.org/sa-core-2019-006

- Metasploit Modules Related To CVE-2019-11358

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.