CVE-2019-17091
- Source
- https://cve.org/CVERecord?id=CVE-2019-17091
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17091.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-17091
- Aliases
- Published
- 2019-10-02T14:15:12.600Z
- Modified
- 2026-06-18T04:04:57.599315696Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
- Database specific
{ "unresolved_ranges": [ { "vendor_product": "oracle:communications_diameter_signaling_router", "cpes": [ "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*" ], "source": "CPE_RANGE", "extracted_events": [ { "introduced": "8.0.0.0" }, { "last_affected": "8.4.0.5" } ] }, { "vendor_product": "oracle:mojarra_javaserver_faces", "extracted_events": [ { "introduced": "2.2.0" }, { "fixed": "2.2.20" } ], "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:oracle:mojarra_javaserver_faces:*:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:primavera_p6_enterprise_project_portfolio_management", "extracted_events": [ { "introduced": "15.1.0.0" }, { "last_affected": "15.2.18.7" }, { "introduced": "16.1.0.0" }, { "last_affected": "16.2.19.0" }, { "introduced": "17.1.0.0" }, { "last_affected": "17.12.15.0" }, { "introduced": "18.1.0.0" }, { "last_affected": "18.8.15.0" } ], "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:time_and_labor", "extracted_events": [ { "introduced": "12.2.6" }, { "last_affected": "12.2.11" } ], "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:application_testing_suite", "extracted_events": [ { "last_affected": "13.2.0.1" }, { "last_affected": "13.3.0.1" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:banking_enterprise_product_manufacturing", "extracted_events": [ { "last_affected": "2.7.0" }, { "last_affected": "2.8.0" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:communications_network_integrity", "cpes": [ "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*" ], "source": "CPE_STRING", "extracted_events": [ { "last_affected": "7.3.5" }, { "last_affected": "7.3.6" } ] }, { "vendor_product": "oracle:communications_unified_inventory_management", "cpes": [ "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*" ], "source": "CPE_STRING", "extracted_events": [ { "last_affected": "7.3.0" }, { "last_affected": "7.4.0" } ] }, { "vendor_product": "oracle:enterprise_data_quality", "extracted_events": [ { "last_affected": "12.2.1.3.0" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:health_sciences_information_manager", "cpes": [ "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*" ], "source": "CPE_STRING", "extracted_events": [ { "last_affected": "3.0" } ] }, { "vendor_product": "oracle:healthcare_data_repository", "extracted_events": [ { "last_affected": "7.0" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:healthcare_data_repository:7.0:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:primavera_p6_enterprise_project_portfolio_management", "extracted_events": [ { "last_affected": "19.12.0.0" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.0.0:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:rapid_planning", "extracted_events": [ { "last_affected": "12.1" }, { "last_affected": "12.2" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:retail_advanced_inventory_planning", "cpes": [ "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*" ], "source": "CPE_STRING", "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "16.0" } ] }, { "vendor_product": "oracle:retail_assortment_planning", "cpes": [ "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*" ], "source": "CPE_STRING", "extracted_events": [ { "last_affected": "16.0.3" } ] }, { "vendor_product": "oracle:retail_bulk_data_integration", "extracted_events": [ { "last_affected": "16.0.3.0" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:retail_financial_integration", "cpes": [ "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*" ], "source": "CPE_STRING", "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "16.0" } ] }, { "vendor_product": "oracle:retail_integration_bus", "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "16.0" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:retail_invoice_matching", "extracted_events": [ { "last_affected": "16.0" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:retail_invoice_matching:16.0:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:retail_merchandising_system", "extracted_events": [ { "last_affected": "16.0" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:retail_merchandising_system:16.0:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:retail_service_backbone", "cpes": [ "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*" ], "source": "CPE_STRING", "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "16.0" } ] }, { "vendor_product": "oracle:retail_store_inventory_management", "extracted_events": [ { "last_affected": "14.0.4" }, { "last_affected": "14.1.3" }, { "last_affected": "15.0.3" }, { "last_affected": "16.0.3" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*" ] }, { "vendor_product": "oracle:secure_global_desktop", "extracted_events": [ { "last_affected": "5.4" }, { "last_affected": "5.5" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*" ] } ] }- References
-
- https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE
- https://github.com/eclipse-ee4j/mojarra/issues/4556
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244
- https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee
- https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f
- https://github.com/eclipse-ee4j/mojarra/pull/4567
- https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe
- https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4
- https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt
Affected packages
Git / github.com/eclipse-ee4j/mojarra
Affected ranges
- Type
- GIT
- Repo
- https://github.com/eclipse-ee4j/mojarra
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
- Database specific
{ "cpe": "cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:*", "source": [ "CPE_RANGE", "REFERENCES" ], "extracted_events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.10" } ] }