Product:

Communications_converged_application_server

(Oracle)
Repositories https://github.com/bcgit/bc-java
https://github.com/jquery/jquery
#Vulnerabilities 12
Date Id Summary Products Score Patch Annotated
2018-04-06 CVE-2018-1270 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Debian_linux, Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_services_gatekeeper, Enterprise_manager_ops_center, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_rules_palette, Primavera_gateway, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_integration_bus, Retail_open_commerce_platform, Retail_order_broker, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_returns_management, Retail_xstore_point_of_service, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Fuse, Spring_framework 9.8
2018-04-11 CVE-2018-1275 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_services_gatekeeper, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_rules_palette, Primavera_gateway, Retail_customer_insights, Retail_open_commerce_platform, Retail_order_broker, Retail_predictive_application_server, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Spring_framework 9.8
2018-04-06 CVE-2018-1271 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_policy_management, Communications_services_gatekeeper, Enterprise_manager_ops_center, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_rules_palette, Primavera_gateway, Rapid_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_integration_bus, Retail_open_commerce_platform, Retail_order_broker, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_returns_management, Retail_xstore_point_of_service, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Spring_framework 5.9
2018-04-06 CVE-2018-1272 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong... Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_services_gatekeeper, Enterprise_manager_ops_center, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_rules_palette, Primavera_gateway, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_integration_bus, Retail_open_commerce_platform, Retail_order_broker, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_returns_management, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Spring_framework 7.5
2018-05-11 CVE-2018-1257 Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. Agile_product_lifecycle_management, Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_manager_base_platform, Enterprise_manager_for_mysql_database, Enterprise_manager_ops_center, Flexcube_private_banking, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Hospitality_guest_access, Insurance_calculation_engine, Insurance_rules_palette, Primavera_gateway, Retail_customer_insights, Retail_open_commerce_platform, Retail_order_broker, Retail_predictive_application_server, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Utilities_network_management_system, Weblogic_server, Openshift, Spring_framework 6.5
2019-04-26 CVE-2019-2725 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector:... Agile_plm, Communications_converged_application_server, Peoplesoft_enterprise_peopletools, Storagetek_tape_analytics_sw_tool, Tape_library_acsls, Tape_virtual_storage_manager_gui, Vm_virtualbox, Weblogic_server 9.8
2018-05-11 CVE-2018-1258 Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Agile_plm, Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_network_integrity, Communications_performance_intelligence_center, Communications_services_gatekeeper, Endeca_information_discovery_integrator, Enterprise_manager_for_mysql_database, Enterprise_manager_ops_center, Enterprise_repository, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Hospitality_guest_access, Insurance_calculation_engine, Insurance_policy_administration, Insurance_rules_palette, Micros_lucas, Mysql_enterprise_monitor, Peoplesoft_enterprise_fin_install, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_financial_integration, Retail_integration_bus, Retail_point\-Of\-Service, Retail_returns_management, Retail_xstore_point_of_service, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Weblogic_server, Spring_security, Fuse, Spring_framework 8.8
2018-07-09 CVE-2018-1000613 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes... Legion\-Of\-The\-Bouncy\-Castle\-Java\-Crytography\-Api, Oncommand_workflow_automation, Leap, Api_gateway, Banking_platform, Business_process_management_suite, Business_transaction_management, Communications_application_session_controller, Communications_converged_application_server, Communications_convergence, Communications_diameter_signaling_router, Communications_webrtc_session_controller, Data_integrator, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Enterprise_repository, Managed_file_transfer, Peoplesoft_enterprise_peopletools, Retail_convenience_and_fuel_pos_software, Retail_xstore_point_of_service, Soa_suite, Utilities_network_management_system, Webcenter_portal, Weblogic_server 9.8
2018-06-05 CVE-2018-1000180 Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Fips_java_api, Legion\-Of\-The\-Bouncy\-Castle\-Java\-Crytography\-Api, Debian_linux, Oncommand_workflow_automation, Api_gateway, Business_process_management_suite, Business_transaction_management, Communications_application_session_controller, Communications_converged_application_server, Communications_webrtc_session_controller, Enterprise_repository, Managed_file_transfer, Peoplesoft_enterprise_peopletools, Retail_convenience_and_fuel_pos_software, Retail_xstore_point_of_service, Soa_suite, Webcenter_portal, Weblogic_server, Jboss_enterprise_application_platform, Virtualization 7.5
2018-01-18 CVE-2015-9251 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. Jquery, Agile_product_lifecycle_management_for_process, Banking_platform, Business_process_management_suite, Communications_converged_application_server, Communications_interactive_session_recorder, Communications_services_gatekeeper, Communications_webrtc_session_controller, Endeca_information_discovery_studio, Enterprise_manager_ops_center, Enterprise_operations_monitor, Financial_services_analytical_applications_infrastructure, Financial_services_asset_liability_management, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_liquidity_risk_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_profitability_management, Financial_services_reconciliation_framework, Fusion_middleware_mapviewer, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_fleet_management, Hospitality_guest_access, Hospitality_materials_control, Hospitality_reporting_and_analytics, Insurance_insbridge_rating_and_underwriting, Jd_edwards_enterpriseone_tools, Jdeveloper, Oss_support_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Real\-Time_scheduler, Retail_allocation, Retail_customer_insights, Retail_invoice_matching, Retail_sales_audit, Retail_workforce_management_software, Service_bus, Siebel_ui_framework, Utilities_framework, Utilities_mobile_workforce_management, Webcenter_sites, Weblogic_server 6.1