|
2022-02-17
|
CVE-2022-23632
|
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration. When sending a request using FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls back to the default...
|
Communications_unified_inventory_management, Traefik
|
7.5
|
|
|
|
2021-05-27
|
CVE-2021-22118
|
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
|
Hci, Management_services_for_element_software, Commerce_guided_search, Communications_brm_\-_elastic_charging_engine, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_element_manager, Communications_interactive_session_recorder, Communications_network_integrity, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Documaker, Enterprise_data_quality, Financial_services_analytical_applications_infrastructure, Healthcare_data_repository, Insurance_policy_administration, Insurance_rules_palette, Mysql_enterprise_monitor, Retail_assortment_planning, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_predictive_application_server, Utilities_testing_accelerator, Spring_framework
|
7.8
|
|
|
|
2021-12-18
|
CVE-2021-45105
|
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
|
Log4j, Debian_linux, Cloud_manager, Agile_engineering_data_management, Agile_plm, Agile_plm_mcad_connector, Autovue_for_agile_product_lifecycle_management, Banking_deposits_and_lines_of_credit_servicing, Banking_enterprise_default_management, Banking_loans_servicing, Banking_party_management, Banking_payments, Banking_platform, Banking_trade_finance, Banking_treasury_management, Business_intelligence, Communications_asap, Communications_billing_and_revenue_management, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_convergence, Communications_convergent_charging_controller, Communications_diameter_signaling_router, Communications_eagle_element_management_system, Communications_eagle_ftp_table_base_retrieval, Communications_element_manager, Communications_evolved_communications_application_server, Communications_interactive_session_recorder, Communications_ip_service_activator, Communications_messaging_server, Communications_network_charging_and_control, Communications_network_integrity, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Communications_user_data_repository, Communications_webrtc_session_controller, Data_integrator, E\-Business_suite, Enterprise_manager_base_platform, Enterprise_manager_for_peoplesoft, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Flexcube_universal_banking, Health_sciences_empirica_signal, Health_sciences_inform, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_master_person_index, Healthcare_translational_research, Hospitality_suite8, Hospitality_token_proxy_service, Hyperion_bi\+, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Hyperion_planning, Hyperion_profitability_and_cost_management, Hyperion_tax_provision, Identity_management_suite, Identity_manager_connector, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Managed_file_transfer, Management_cloud_engine, Mysql_enterprise_monitor, Payment_interface, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_data_extractor_for_merchandising, Retail_eftlink, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_store_inventory_management, Siebel_ui_framework, Sql_developer, Taleo_platform, Utilities_framework, Webcenter_portal, Webcenter_sites, Weblogic_server, 6bk1602\-0aa12\-0tp0_firmware, 6bk1602\-0aa22\-0tp0_firmware, 6bk1602\-0aa32\-0tp0_firmware, 6bk1602\-0aa42\-0tp0_firmware, 6bk1602\-0aa52\-0tp0_firmware, Email_security, Network_security_manager, Web_application_firewall
|
5.9
|
|
|
|
2019-07-23
|
CVE-2019-10173
|
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)
|
Banking_platform, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_diameter_signaling_router, Communications_unified_inventory_management, Endeca_information_discovery_studio, Retail_xstore_point_of_service, Utilities_framework, Webcenter_portal, Xstream
|
9.8
|
|
|
|
2020-12-17
|
CVE-2020-35490
|
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
|
Debian_linux, Jackson\-Databind, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_router, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Documaker, Insurance_policy_administration_j2ee, Retail_merchandising_system, Retail_xstore_point_of_service, Webcenter_portal
|
8.1
|
|
|
|
2020-12-17
|
CVE-2020-35491
|
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
|
Debian_linux, Jackson\-Databind, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_route, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Documaker, Insurance_policy_administration_j2ee, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_xstore_point_of_service, Sd\-Wan_edge, Webcenter_portal
|
8.1
|
|
|
|
2018-06-25
|
CVE-2018-11040
|
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through...
|
Debian_linux, Agile_product_lifecycle_management, Application_testing_suite, Communications_network_integrity, Communications_online_mediation_controller, Communications_services_gatekeeper, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_manager, Enterprise_manager_ops_center, Flexcube_private_banking, Healthcare_master_person_index, Hospitality_guest_access, Insurance_calculation_engine, Insurance_rules_palette, Micros_lucas, Mysql_enterprise_monitor, Product_lifecycle_management, Retail_advanced_inventory_planning, Retail_clearance_optimization_engine, Retail_customer_insights, Retail_markdown_optimization, Retail_predictive_application_server, Retail_service_backbone, Retail_xstore_point_of_service, Utilities_network_management_system, Weblogic_server, Spring_framework
|
7.5
|
|
|
|
2018-05-11
|
CVE-2018-1257
|
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
|
Agile_product_lifecycle_management, Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_manager_base_platform, Enterprise_manager_for_mysql_database, Enterprise_manager_ops_center, Flexcube_private_banking, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Hospitality_guest_access, Insurance_calculation_engine, Insurance_rules_palette, Primavera_gateway, Retail_customer_insights, Retail_open_commerce_platform, Retail_order_broker, Retail_predictive_application_server, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Utilities_network_management_system, Weblogic_server, Openshift, Spring_framework
|
6.5
|
|
|
|
2018-06-25
|
CVE-2018-11039
|
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
|
Debian_linux, Agile_plm, Application_testing_suite, Communications_diameter_signaling_router, Communications_network_integrity, Communications_online_mediation_controller, Communications_performance_intelligence_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_manager_base_platform, Enterprise_manager_for_mysql_database, Enterprise_manager_ops_center, Health_sciences_information_manager, Healthcare_master_person_index, Hospitality_guest_access, Insurance_calculation_engine, Insurance_rules_palette, Micros_lucas, Mysql_enterprise_monitor, Primavera_p6_enterprise_project_portfolio_management, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_clearance_optimization_engine, Retail_customer_insights, Retail_financial_integration, Retail_integration_bus, Retail_markdown_optimization, Retail_predictive_application_server, Retail_xstore_point_of_service, Utilities_network_management_system, Weblogic_server, Spring_framework
|
5.9
|
|
|
|
2019-10-02
|
CVE-2019-17091
|
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
|
Mojarra, Application_testing_suite, Banking_enterprise_product_manufacturing, Communications_diameter_signaling_router, Communications_network_integrity, Communications_unified_inventory_management, Enterprise_data_quality, Health_sciences_information_manager, Healthcare_data_repository, Mojarra_javaserver_faces, Primavera_p6_enterprise_project_portfolio_management, Rapid_planning, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_bulk_data_integration, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_service_backbone, Retail_store_inventory_management, Secure_global_desktop, Time_and_labor
|
6.1
|
|
|