Customer_management_and_segmentation_foundation - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Customer_management_and_segmentation_foundation
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	9

Date	Id	Summary	Products	Score	Patch	Annotated
2019-07-26	CVE-2019-13990	initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.	Tomee, Active_iq_unified_manager, Cloud_secure_agent, Apache_batik_mapviewer, Banking_enterprise_originations, Banking_enterprise_product_manufacturing, Banking_payments, Communications_ip_service_activator, Communications_session_route_manager, Customer_management_and_segmentation_foundation, Documaker, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Flexcube_investor_servicing, Flexcube_private_banking, Fusion_middleware_mapviewer, Google_guava_mapviewer, Hyperion_infrastructure_technology, Jd_edwards_enterpriseone_orchestrator, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_returns_management, Retail_xstore_point_of_service, Terracotta_quartz_scheduler_mapviewer, Webcenter_sites, Quartz	9.8
2020-01-03	CVE-2019-20330	FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.	Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Oncommand_api_services, Service_level_manager, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_network_slice_selection_function, Communications_contacts_server, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Customer_management_and_segmentation_foundation, Enterprise_manager_base_platform, Global_lifecycle_management_opatch, Goldengate_application_adapters, Goldengate_stream_analytics, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_xstore_point_of_service, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Trace_file_analyzer, Webcenter_portal, Weblogic_server	9.8
2019-08-20	CVE-2019-10086	In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.	Commons_beanutils, Nifi, Debian_linux, Fedora, Leap, Agile_plm, Agile_product_lifecycle_management_integration_pack, Application_testing_suite, Banking_platform, Blockchain_platform, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_console, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergence, Communications_design_studio, Communications_evolved_communications_application_server, Communications_metasolv_solution, Communications_network_integrity, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_unified_inventory_management, Customer_management_and_segmentation_foundation, Enterprise_manager_for_virtualization, Financial_services_revenue_management_and_billing_analytics, Flexcube_private_banking, Fusion_middleware, Healthcare_foundation, Hospitality_opera_5, Hospitality_reporting_and_analytics, Insurance_data_gateway, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Peoplesoft_enterprise_pt_peopletools, Primavera_gateway, Real\-Time_decisions_solutions, Retail_advanced_inventory_planning, Retail_back_office, Retail_central_office, Retail_invoice_matching, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_xstore_point_of_service, Service_bus, Solaris_cluster, Time_and_labor, Utilities_framework, Weblogic_server, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_enterprise_application_platform	7.3
2018-04-26	CVE-2018-10237	Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.	Guava, Banking_payments, Communications_ip_service_activator, Customer_management_and_segmentation_foundation, Database_server, Flexcube_investor_servicing, Flexcube_private_banking, Retail_integration_bus, Retail_xstore_point_of_service, Weblogic_server, Jboss_enterprise_application_platform, Openshift_container_platform, Openstack, Satellite, Satellite_capsule, Virtualization, Virtualization_host	5.9
2019-08-30	CVE-2019-12402	The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.	Commons_compress, Fedora, Banking_payments, Banking_platform, Communications_element_manager, Communications_ip_service_activator, Communications_session_report_manager, Communications_session_route_manager, Customer_management_and_segmentation_foundation, Essbase, Flexcube_investor_servicing, Flexcube_private_banking, Hyperion_infrastructure_technology, Jdeveloper, Peoplesoft_enterprise_pt_peopletools, Primavera_gateway, Retail_integration_bus, Retail_xstore_point_of_service, Webcenter_portal	7.5
2021-11-01	CVE-2021-41973	In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.	Mina, Banking_payments, Banking_trade_finance_process_management, Banking_treasury_management, Communications_cloud_native_core_console, Customer_management_and_segmentation_foundation, Flexcube_universal_banking, Fusion_middleware_common_libraries_and_tools, Oss_support_tools	6.5
2019-10-07	CVE-2019-17267	A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.	Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Oncommand_api_services, Oncommand_workflow_automation, Service_level_manager, Steelstore_cloud_integrated_storage, Customer_management_and_segmentation_foundation, Goldengate_application_adapters, Retail_customer_management_and_segmentation_foundation, Weblogic_server, Jboss_enterprise_application_platform	9.8
2019-09-15	CVE-2019-16335	A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.	Debian_linux, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Steelstore_cloud_integrated_storage, Banking_platform, Customer_management_and_segmentation_foundation, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Goldengate_application_adapters, Goldengate_stream_analytics, Primavera_gateway, Retail_customer_management_and_segmentation_foundation, Retail_xstore_point_of_service, Weblogic_server, Jboss_enterprise_application_platform	9.8
2019-09-15	CVE-2019-14540	A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.	Debian_linux, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Steelstore_cloud_integrated_storage, Banking_platform, Customer_management_and_segmentation_foundation, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Goldengate_application_adapters, Goldengate_stream_analytics, Mysql, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_xstore_point_of_service, Weblogic_server, Jboss_enterprise_application_platform	9.8