Product:

Jdeveloper

(Oracle)
Date Id Summary Products Score Patch Annotated
2018-01-18 CVE-2015-9251 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. Jquery, Agile_product_lifecycle_management_for_process, Banking_platform, Business_process_management_suite, Communications_converged_application_server, Communications_interactive_session_recorder, Communications_services_gatekeeper, Communications_webrtc_session_controller, Endeca_information_discovery_studio, Enterprise_manager_ops_center, Enterprise_operations_monitor, Financial_services_analytical_applications_infrastructure, Financial_services_asset_liability_management, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_liquidity_risk_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_profitability_management, Financial_services_reconciliation_framework, Fusion_middleware_mapviewer, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_fleet_management, Hospitality_guest_access, Hospitality_materials_control, Hospitality_reporting_and_analytics, Insurance_insbridge_rating_and_underwriting, Jd_edwards_enterpriseone_tools, Jdeveloper, Oss_support_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Real\-Time_scheduler, Retail_allocation, Retail_customer_insights, Retail_invoice_matching, Retail_sales_audit, Retail_workforce_management_software, Service_bus, Siebel_ui_framework, Utilities_framework, Utilities_mobile_workforce_management, Webcenter_sites, Weblogic_server 6.1
2020-04-29 CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. Debian_linux, Drupal, Fedora, Jquery, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Oncommand_insight, Oncommand_system_manager, Snap_creator_framework, Snapcenter, Backports_sle, Leap, Agile_product_supplier_collaboration_for_process, Banking_digital_experience, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_diameter_signaling_router_idih\:, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_analytical_applications_reconciliation_framework, Financial_services_asset_liability_management, Financial_services_balance_sheet_planning, Financial_services_basel_regulatory_capital_basic, Financial_services_basel_regulatory_capital_internal_ratings_based_approach, Financial_services_data_foundation, Financial_services_data_governance_for_us_regulatory_reporting, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_institutional_performance_analytics, Financial_services_liquidity_risk_management, Financial_services_liquidity_risk_measurement_and_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_profitability_management, Financial_services_regulatory_reporting_for_european_banking_authority, Financial_services_regulatory_reporting_for_us_federal_reserve, Healthcare_foundation, Hospitality_materials_control, Hospitality_simphony, Insurance_accounting_analyzer, Insurance_allocation_manager_for_enterprise_profitability, Insurance_data_foundation, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Retail_back_office, Retail_customer_management_and_segmentation_foundation, Retail_returns_management, Siebel_ui_framework, Weblogic_server 6.1
2019-10-16 CVE-2019-2904 Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).... Application_development_framework, Jdeveloper 9.8
2019-01-02 CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. Debian_linux, Jackson\-Databind, Banking_platform, Communications_billing_and_revenue_management, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Jdeveloper, Primavera_unifier, Retail_merchandising_system, Webcenter_portal 9.8
2017-04-17 CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Log4j, Oncommand_api_services, Oncommand_insight, Oncommand_workflow_automation, Service_level_manager, Snapcenter, Storage_automation_store, Api_gateway, Autovue_vuelink_integration, Banking_platform, Bi_publisher, Communications_converged_application_server_\-_service_controller, Communications_messaging_server, Communications_online_mediation_controller, Communications_pricing_design_center, Communications_service_broker, Communications_webrtc_session_controller, Configuration_manager, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Enterprise_manager_for_mysql_database, Enterprise_manager_for_oracle_database, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_profitability_management, Flexcube_investor_servicing, Fusion_middleware_mapviewer, Goldengate_application_adapters, Identity_analytics, Identity_management_suite, Insurance_calculation_engine, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_tools, Jdeveloper, Mysql_enterprise_monitor, Peoplesoft_enterprise_fin_install, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Retail_clearance_optimization_engine, Retail_extract_transform_and_load, Retail_integration_bus, Retail_open_commerce_platform, Retail_predictive_application_server, Siebel_ui_framework, Soa_suite, Tape_library_acsls, Utilities_work_and_asset_management, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 9.8
2019-01-02 CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. Debian_linux, Jackson\-Databind, Banking_platform, Communications_billing_and_revenue_management, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Jdeveloper, Primavera_unifier, Retail_merchandising_system, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform 10.0
2019-01-02 CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. Debian_linux, Jackson\-Databind, Banking_platform, Communications_billing_and_revenue_management, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Jdeveloper, Primavera_unifier, Retail_merchandising_system, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform 9.8
2019-01-02 CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. Debian_linux, Jackson\-Databind, Banking_platform, Communications_billing_and_revenue_management, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Jdeveloper, Primavera_unifier, Retail_merchandising_system, Webcenter_portal, Openshift_container_platform 9.8
2019-10-16 CVE-2019-2899 Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a... Application_development_framework, Jdeveloper N/A
2019-01-02 CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. Debian_linux, Jackson\-Databind, Banking_platform, Communications_billing_and_revenue_management, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Jdeveloper, Primavera_unifier, Retail_merchandising_system, Webcenter_portal 9.8