Product:

Instantis_enterprisetrack

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 7
Date Id Summary Products Score Patch Annotated
2020-05-20 CVE-2020-9484 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be... Tomcat, Ubuntu_linux, Debian_linux, Fedora, Leap, Instantis_enterprisetrack 7.0
2019-08-13 CVE-2019-9517 Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, Clustered_data_ontap, Leap, Communications_element_manager, Graalvm, Instantis_enterprisetrack, Retail_xstore_point_of_service, Enterprise_linux, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_service_mesh, Quay, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware 7.5
2020-02-24 CVE-2020-1935 In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. Tomcat, Ubuntu_linux, Debian_linux, Data_availability_services, Leap, Communications_element_manager, Communications_instant_messaging_server, Health_sciences_empirica_signal, Hospitality_guest_access, Instantis_enterprisetrack, Mysql_enterprise_monitor, Transportation_management, Workload_manager 4.8
2018-05-24 CVE-2018-8013 In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. Batik, Ubuntu_linux, Debian_linux, Business_intelligence, Communications_diameter_signaling_router, Communications_metasolv_solution, Communications_webrtc_session_controller, Data_integrator, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Fusion_middleware_mapviewer, Instantis_enterprisetrack, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_tools, Retail_back_office, Retail_central_office, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_returns_management 9.8
2018-09-25 CVE-2018-11763 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. Http_server, Ubuntu_linux, Storage_automation_store, Enterprise_manager_ops_center, Hospitality_guest_access, Instantis_enterprisetrack, Retail_xstore_point_of_service, Secure_global_desktop, Enterprise_linux 5.9
2018-10-04 CVE-2018-11784 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. Tomcat, Ubuntu_linux, Debian_linux, Snap_creator_framework, Communications_application_session_controller, Hospitality_guest_access, Instantis_enterprisetrack, Retail_order_broker, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 4.3
2018-09-25 CVE-2018-11763 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. Http_server, Ubuntu_linux, Storage_automation_store, Enterprise_manager_ops_center, Hospitality_guest_access, Instantis_enterprisetrack, Retail_xstore_point_of_service, Secure_global_desktop, Enterprise_linux 5.9