Vulnerability CVE-2021-35043 - CERT Civis.Net

Vulnerability Name:

CVE-2021-35043 (CCN-205741)

Assigned:

2021-06-18

Published:

2021-06-18

Updated:

2022-10-29

Summary:

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2021-35043

Source: XF
Type: UNKNOWN
antisamy-cve202135043-xss(205741)

Source: CCN
Type: AntiSamy GIT Repository
Override URL encoding when serializing results to HTML #87

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/nahsra/antisamy/pull/87

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/nahsra/antisamy/releases/tag/v1.6.4

Source: CCN
Type: OWASP Web site
OWASP AntiSamy

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:antisamy_project:antisamy:*:*:*:*:*:*:*:* (Version < 1.6.4)

Configuration 2:

cpe:/a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:*:*:*:*:*:*:*:* (Version >= 2.3.0 and <= 2.4.1)

OR cpe:/a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:* (Version >= 2.3.0 and <= 2.4.0)

OR cpe:/a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*

OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Configuration CCN 1:

cpe:/a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*

Denotes that component is vulnerable