CVE-2019-11281 vulnerability in Pivotal Software and Other Products
Published on October 16, 2019
RabbitMQ XSS attack
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2019-11281 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2019-11281
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-11281 are published in these products:
Affected Versions
Pivotal RabbitMQ:- Version prior to v3.7.18 is affected.
- Version 1.15.x prior to 1.15.13 is affected.
- Version 11.16.x prior to 1.16.6 is affected.
- Version 1.17.x prior to 1.17.3 is affected.
Exploit Probability
EPSS
1.01%
Percentile
76.81%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.