CVE-2021-41183 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
GitHub_M	CNA	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Vendor	Product	Version
jqueryui	jquery_ui	𝑥 < 1.13.0
netapp	h300s_firmware	-
netapp	h500s_firmware	-
netapp	h700s_firmware	-
netapp	h300e_firmware	-
netapp	h500e_firmware	-
netapp	h700e_firmware	-
netapp	h410s_firmware	-
netapp	h410c_firmware	-
debian	debian_linux	9.0
drupal	drupal	7.0 ≤ 𝑥 < 7.86
drupal	drupal	9.2.0 ≤ 𝑥 < 9.2.11
drupal	drupal	9.3.0 ≤ 𝑥 < 9.3.3
oracle	agile_plm	9.3.6
oracle	application_express	𝑥 < 22.1.1
oracle	banking_platform	2.9.0
oracle	banking_platform	2.12.0
oracle	big_data_spatial_and_graph	𝑥 < 23.1
oracle	big_data_spatial_and_graph	23.1
oracle	communications_interactive_session_recorder	6.4
oracle	communications_operations_monitor	4.3
oracle	communications_operations_monitor	4.4
oracle	communications_operations_monitor	5.0
oracle	hospitality_inventory_management	9.1.0
oracle	hospitality_suite8	8.11.0 ≤ 𝑥 ≤ 11.14.0
oracle	hospitality_suite8	8.10.2
oracle	jd_edwards_enterpriseone_tools	𝑥 ≤ 9.2.6.3
oracle	mysql_enterprise_monitor	𝑥 ≤ 8.0.29
oracle	peoplesoft_enterprise_peopletools	8.58
oracle	peoplesoft_enterprise_peopletools	8.59
oracle	policy_automation	12.2.0 ≤ 𝑥 ≤ 12.2.5
oracle	primavera_gateway	17.7 ≤ 𝑥 ≤ 17.12
oracle	primavera_gateway	18.8.0
oracle	primavera_gateway	19.12.0
oracle	primavera_gateway	20.12.0
oracle	primavera_gateway	21.12.0
oracle	rest_data_services	𝑥 < 22.1.1
oracle	rest_data_services	22.1.1
oracle	weblogic_server	12.2.1.3.0
oracle	weblogic_server	12.2.1.4.0
oracle	weblogic_server	14.1.1.0.0
tenable	tenable.sc	𝑥 < 5.21.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

jqueryui

bullseye	1.12.1+dfsg-8+deb11u2 no-dsa
stretch	no-dsa
bookworm	1.13.2+dfsg-1 fixed
sid	1.13.2+dfsg-1 fixed
trixie	1.13.2+dfsg-1 fixed

otrs2

bullseye/non-free	vulnerable
stretch	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

jqueryui

mantic	not-affected
lunar	not-affected
kinetic	ignored
jammy	not-affected
impish	ignored
hirsute	ignored
focal	Fixed 1.12.1+dfsg-5ubuntu0.20.04.1 released
bionic	Fixed 1.12.1+dfsg-5ubuntu0.18.04.1~esm3 released
xenial	Fixed 1.10.1+dfsg-1ubuntu0.16.04.1~esm1 released
trusty	Fixed 1.10.1+dfsg-1ubuntu0.14.04.1~esm1 released

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/

https://bugs.jqueryui.com/ticket/15284

https://github.com/jquery/jquery-ui/pull/1953

https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4

https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/

https://security.netapp.com/advisory/ntap-20211118-0004/

https://www.drupal.org/sa-contrib-2022-004

https://www.drupal.org/sa-core-2022-001

https://www.drupal.org/sa-core-2022-002

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpujul2022.html

https://www.tenable.com/security/tns-2022-09

https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/

https://bugs.jqueryui.com/ticket/15284

https://github.com/jquery/jquery-ui/pull/1953

https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4

https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/

https://security.netapp.com/advisory/ntap-20211118-0004/

https://www.drupal.org/sa-contrib-2022-004

https://www.drupal.org/sa-core-2022-001

https://www.drupal.org/sa-core-2022-002

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpujul2022.html

https://www.tenable.com/security/tns-2022-09