Vulnerability Name:

CVE-2019-17495 (CCN-169050)

Assigned: 2019-10-07
Published: 2019-10-07
Updated: 2022-07-25
Summary: A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-352
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2019-17495

Source: XF
Type: UNKNOWN
swaggerui-cve201917495-info-disc(169050)

Source: CCN
Type: swagger-ui GIT Repository
Swagger UI

Source: MISC
Type: Release Notes
https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11

Source: CCN
Type: GitHub Web site
CSS-injection-in-Swagger-UI

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/tarantula-team/CSS-injection-in-Swagger-UI

Source: MLIST
Type: Mailing List, Third Party Advisory
[airflow-commits] 20210920 [GitHub] [airflow] beltran-rubo opened a new issue #18383: CVE-2019-17495 for swagger-ui

Source: MLIST
Type: Mailing List, Third Party Advisory
[airflow-commits] 20210920 [GitHub] [airflow] boring-cyborg[bot] commented on issue #18383: CVE-2019-17495 for swagger-ui

Source: MLIST
Type: Mailing List, Third Party Advisory
[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo closed issue #18383: CVE-2019-17495 for swagger-ui

Source: MLIST
Type: Mailing List, Third Party Advisory
[airflow-commits] 20210921 [GitHub] [airflow] beltran-rubo commented on issue #18383: CVE-2019-17495 for swagger-ui

Source: MLIST
Type: Mailing List, Third Party Advisory
[airflow-commits] 20210920 [GitHub] [airflow] uranusjr commented on issue #18383: CVE-2019-17495 for swagger-ui

Source: CCN
Type: IBM Security Bulletin 1165882 (Cloud Private)
A Security Vulnerability affects IBM Cloud Private - Swagger UI (CVE-2019-17495)

Source: CCN
Type: IBM Security Bulletin 1274596 (WebSphere Application Server Liberty)
Swagger vulnerability affects WebSphere Application Server Liberty (CVE-2019-17495)

Source: CCN
Type: IBM Security Bulletin 6100474 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-17495)

Source: CCN
Type: IBM Security Bulletin 6113998 (WebSphere Application Server in Cloud)
Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 6202528 (Cloud Pak for Data)
Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6207084 (InfoSphere Streams)
Vulnerabilities in Swagger affects WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6207100 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by multiple vulnerabilities in WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6208292 (Cloud Private)
IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495)

Source: CCN
Type: IBM Security Bulletin 6214472 (Planning Analytics Local)
IBM Planning Analytics Workspace is affected by security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6221308 (Spectrum Protect Plus)
Vulnerability in Swagger affects IBM Spectrum Protect Plus (CVE-2019-17495)

Source: CCN
Type: IBM Security Bulletin 6235074 (Cloud Pak for Automation)
Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Source: CCN
Type: IBM Security Bulletin 6236448 (Voice Gateway)
Security vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6245720 (StoredIQ InstaScan)
A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan (CVE-2019-17495)

Source: CCN
Type: IBM Security Bulletin 6253323 (PowerVM NovaLink)
Novalink is impacted by Swagger vulnerability affects WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6324799 (Spectrum Protect Plus)
Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6391590 (Cloud Application Business Insights)
Multiple Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights

Source: CCN
Type: IBM Security Bulletin 6405740 (Watson Machine Learning Accelerator)
Vulnerabilities in IBM WebSphere Liberty affects IBM Watson Machine Learning Accelerator

Source: CCN
Type: IBM Security Bulletin 6848023 (Planning Analytics Workspace)
IBM Planning Analytics Workspace is affected by vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6891049 (Cloud Integration Platform)
Automation Assets in IBM Cloud Pak for Integration is vulnerable to CSS injection due to Swagger CVE-2019-17495

Source: CCN
Type: IBM Security Bulletin 7004151 (Sterling Partner Engagement Manager)
IBM Sterling Partner Engagement Manager is vulnerable to CSS injection due to Swagger UI (CVE-2019-17495)

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2021
Oracle Critical Patch Update Advisory - April 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: CCN
Type: Oracle CPUOct2020
Oracle Critical Patch Update Advisory - October 2020

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:smartbear:swagger_ui:*:*:*:*:*:*:*:* (Version < 3.23.11)

Configuration 2:
  • cpe:/a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 16.2.0 and <= 16.2.11)
  • OR cpe:/a:oracle:banking_platform:*:*:*:*:*:*:*:* (Version >= 2.4.0 and <= 2.10.0)
  • OR cpe:/a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_apis:*:*:*:*:*:*:*:* (Version >= 18.1 and <= 18.3)
  • OR cpe:/a:oracle:banking_apis:19.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_apis:19.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_apis:20.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_apis:21.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* (Version >= 18.1 and <= 18.3)
  • OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 17.12.0 and <= 17.12.8)

Configuration CCN 1:
  • cpe:/a:smartbear:swagger_ui:3.23.10:*:*:*:*:*:*:*
AND
  • cpe:/a:oracle:utilities_framework:4.3.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:planning_analytics_local:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.0:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:19.0.0.12:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_data:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_transformation_advisor:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_application_business_insights:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_application_business_insights:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*
