CVE-2019-17495

Published Oct 10, 2019

Last updated a year ago

CVSS critical 9.8

Overview

Description: A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57CBDCB1-31D5-4063-B9BF-51B6AEADF76A",
            "versionEndExcluding": "3.23.11"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DF2D056-3118-4C31-BEDD-69F016898CBB",
            "versionEndIncluding": "18.3",
            "versionStartIncluding": "18.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "366A6277-5D74-44C8-94A9-8ADB5568B5FB",
            "versionEndIncluding": "18.3",
            "versionStartIncluding": "18.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39",
            "versionEndIncluding": "2.10.0",
            "versionStartIncluding": "2.4.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
            "versionEndIncluding": "16.2.11",
            "versionStartIncluding": "16.2.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C46E7006-37B5-4A23-8116-C54D683D32D1",
            "versionEndIncluding": "17.12.8",
            "versionStartIncluding": "17.12.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References