Security vulnerabilities in YUI 3.0

(Doc ID 2332608.1)

Last updated on NOVEMBER 28, 2017

Applies to:

Oracle Financial Services Revenue Management and Billing - Version 2.4.0.1.0 and later
Oracle Utilities Framework - Version 4.2.0.3.0 and later
Information in this document applies to any platform.

Goal

One or more vulnerable components (e.g., framework libraries) were identified within the application's code base. An attacker can potentially identify vulnerable components through scanning or manual analysis. Exploitation of these components can potentially enable attacks such as injection, broken access control, XSS, denial of service, etc. The impact can range from minimal to complete host takeover and data compromise.
Affected Hosts/URLs: https://gbs-sit.gsrena.ssmb.com:31759/spl-GBS_RMBP5PKG_clone1/cis.jsp
Resolved Hosts/URLs:
/*
Copyright (c) 2011, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.9.0
*/
The vulnerability affects all versions prior to 3.10.3 (between * and 3.10.3). Additional details can be found at http://www.cvedetails.com/cve/CVE-2013-4940/
/spl-GBS_RMBP5PKG_clone1/yui/logger/logger-min.js
/spl-GBS_RMBP5PKG_clone1/yui/utilities/utilities.js
/spl-GBS_RMBP5PKG_clone1/yui/connection/connection-min.js
/spl-GBS_RMBP5PKG_clone1/yui/dragdrop/dragdrop-min.js
/spl-GBS_RMBP5PKG_clone1/yui/yahoo-dom-event/yahoo-dom-event.js
/spl-GBS_RMBP5PKG_clone1/yui/json/json-min.js
 

Solution
