CVE-2018-10934
PUBLISHED
CVSS 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
EPSS 0.41% · 62.0th percentile
Risk Scores
CVSS 3.0
5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.41%
62.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 7.0, 7.1.0 |
| Red Hat | wildfly-core | 7.1.6.CR1, 7.1.6.GA |
| redhat | single_sign-on | 7.2 |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934 (circl)
- RHSA-2019:1160 (circl)
- RHSA-2019:1162 (circl)
- RHSA-2019:1159 (circl)
- RHSA-2019:1161 (circl)
- https://security.netapp.com/advisory/ntap-20190611-0002/ (circl)
Timeline
- Mar 27, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934 url
- RHSA-2019:1160 vendor-advisory
- RHSA-2019:1162 vendor-advisory
- RHSA-2019:1159 vendor-advisory
- RHSA-2019:1161 vendor-advisory
- https://security.netapp.com/advisory/ntap-20190611-0002/ url
- https://nvd.nist.gov/vuln/detail/CVE-2018-10934 advisory
- https://security.netapp.com/advisory/ntap-20190611-0002 url