VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-hcyb-m9nf-7yak

Essentials
Severities (25)
References (43)
Severity details (24)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-hcyb-m9nf-7yak
Aliases	CVE-2019-2999
Summary	OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

System	Score	Found at
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:3134
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:3135
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:3136
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:3157
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:3158
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:4109
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:4110
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:4113
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:4115
ssvc	Track	https://access.redhat.com/errata/RHSA-2020:0006
ssvc	Track	https://access.redhat.com/errata/RHSA-2020:0046
cvssv3	4.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2999.json
epss	0.01308	https://api.first.org/data/v1/epss?cve=CVE-2019-2999
cvssv3.1	4.7	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
ssvc	Track	https://seclists.org/bugtraq/2019/Oct/27
ssvc	Track	https://seclists.org/bugtraq/2019/Oct/31
ssvc	Track	https://security.netapp.com/advisory/ntap-20191017-0001/
ssvc	Track	https://usn.ubuntu.com/4223-1/
ssvc	Track	https://www.debian.org/security/2019/dsa-4546
ssvc	Track	https://www.debian.org/security/2019/dsa-4548
ssvc	Track	http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2999.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-2999
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2894
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2945
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2962
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2964
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2973
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2975
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2977
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2978
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2981
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2983
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2987
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2988
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2989
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2992
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2999
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1760992		https://bugzilla.redhat.com/show_bug.cgi?id=1760992
27		https://seclists.org/bugtraq/2019/Oct/27
31		https://seclists.org/bugtraq/2019/Oct/31
4223-1		https://usn.ubuntu.com/4223-1/
cpuoct2019-5072832.html		http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
dsa-4546		https://www.debian.org/security/2019/dsa-4546
dsa-4548		https://www.debian.org/security/2019/dsa-4548
msg00005.html		https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
msg00031.html		http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
msg00064.html		http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
msg00066.html		http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
RHSA-2019:3127		https://access.redhat.com/errata/RHSA-2019:3127
RHSA-2019:3128		https://access.redhat.com/errata/RHSA-2019:3128
RHSA-2019:3134		https://access.redhat.com/errata/RHSA-2019:3134
RHSA-2019:3135		https://access.redhat.com/errata/RHSA-2019:3135
RHSA-2019:3136		https://access.redhat.com/errata/RHSA-2019:3136
RHSA-2019:3157		https://access.redhat.com/errata/RHSA-2019:3157
RHSA-2019:3158		https://access.redhat.com/errata/RHSA-2019:3158
RHSA-2019:4109		https://access.redhat.com/errata/RHSA-2019:4109
RHSA-2019:4110		https://access.redhat.com/errata/RHSA-2019:4110
RHSA-2019:4113		https://access.redhat.com/errata/RHSA-2019:4113
RHSA-2019:4115		https://access.redhat.com/errata/RHSA-2019:4115
RHSA-2020:0006		https://access.redhat.com/errata/RHSA-2020:0006
RHSA-2020:0046		https://access.redhat.com/errata/RHSA-2020:0046

No exploits are available.

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2019:3134

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2019:3135

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2019:3136

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2019:3157

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2019:3158

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2019:4109

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2019:4110

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2019:4113

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2019:4115

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2020:0006

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://access.redhat.com/errata/RHSA-2020:0046

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2999.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://seclists.org/bugtraq/2019/Oct/27

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://seclists.org/bugtraq/2019/Oct/31

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://security.netapp.com/advisory/ntap-20191017-0001/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://usn.ubuntu.com/4223-1/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://www.debian.org/security/2019/dsa-4546

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at https://www.debian.org/security/2019/dsa-4548

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:29Z/ Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Exploit Prediction Scoring System (EPSS)

Percentile	0.801
EPSS Score	0.01308
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T09:30:09.717835+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2999.json	38.6.0