Max CVSS | 6.0 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2019-3888 | 5.0 | A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUE | 20-02-2022 - 06:11 | 12-06-2019 - 14:29 |
CVE-2019-3872 | 3.5 | It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unau | 09-10-2019 - 23:49 | 12-06-2019 - 14:29 |
CVE-2019-3873 | 6.0 | It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further a | 06-07-2019 - 19:15 | 12-06-2019 - 14:29 |