{ "threat_severity" : "Moderate", "public_date" : "2020-11-12T00:00:00Z", "bugzilla" : { "description" : "cxf: XSS via the styleSheetPath", "id" : "1898235", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1898235" }, "cvss3" : { "cvss3_base_score" : "6.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-79", "details" : [ "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573." ], "affected_release" : [ { "product_name" : "Red Hat Fuse 7.9", "release_date" : "2021-08-11T00:00:00Z", "advisory" : "RHSA-2021:3140", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "cxf-core" }, { "product_name" : "Red Hat Integration", "release_date" : "2021-08-18T00:00:00Z", "advisory" : "RHSA-2021:3205", "cpe" : "cpe:/a:redhat:integration:1" } ], "package_state" : [ { "product_name" : "Red Hat BPM Suite 6", "fix_state" : "Out of support scope", "package_name" : "cxf", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform" }, { "product_name" : "Red Hat BPM Suite 6", "fix_state" : "Out of support scope", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform" }, { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Affected", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "impact" : "low" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Will not fix", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat Integration Camel Quarkus 1", "fix_state" : "Will not fix", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:camel_quarkus:2", "impact" : "moderate" }, { "product_name" : "Red Hat JBoss BRMS 6", "fix_state" : "Out of support scope", "package_name" : "cxf", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:6" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Out of support scope", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Will not fix", "package_name" : "cxf", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "fix_state" : "Out of support scope", "package_name" : "cxf", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_cd" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Affected", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Affected", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "impact" : "low" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Will not fix", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat support for Spring Boot", "fix_state" : "Will not fix", "package_name" : "cxf-core", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-13954\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13954" ], "name" : "CVE-2020-13954", "mitigation" : { "value" : "Users can disable the service listing altogether by setting the \"hide-service-list-page\" servlet parameter to \"true\".", "lang" : "en:us" }, "csaw" : false }