Product:

Rapid_planning

(Oracle)
Repositories https://github.com/dom4j/dom4j
#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2019-05-01 CVE-2019-0227 A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. Axis, Agile_engineering_data_management, Agile_product_lifecycle_management_framework, Application_testing_suite, Big_data_discovery, Communications_asap_cartridges, Communications_design_studio, Communications_element_manager, Communications_network_integrity, Communications_order_and_service_management, Communications_session_report_manager, Communications_session_route_manager, Endeca_information_discovery_studio, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Financial_services_analytical_applications_infrastructure, Financial_services_compliance_regulatory_reporting, Financial_services_funds_transfer_pricing, Flexcube_core_banking, Flexcube_private_banking, Hospitality_guest_access, Instantis_enterprisetrack, Internet_directory, Knowledge, Peoplesoft_enterprise_human_capital_management_human_resources, Peoplesoft_enterprise_peopletools, Policy_automation_connector_for_siebel, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_order_broker, Retail_xstore_point_of_service, Secure_global_desktop, Siebel_ui_framework, Tuxedo, Webcenter_portal 7.5
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Active_iq_unified_manager, Element, Management_services_for_element_software_and_netapp_hci, Snapcenter_plug\-In, Access_manager, Agile_engineering_data_management, Agile_plm, Agile_product_lifecycle_analytics, Agile_product_lifecycle_management_integration_pack, Airlines_data_model, Application_express, Application_performance_management, Application_testing_suite, Argus_analytics, Argus_insight, Argus_safety, Banking_apis, Banking_deposits_and_lines_of_credit_servicing, Banking_digital_experience, Banking_enterprise_default_management, Banking_enterprise_default_managment, Banking_loans_servicing, Banking_party_management, Banking_platform, Bi_publisher, Big_data_spatial_and_graph, Business_activity_monitoring, Business_intelligence, Business_process_management_suite, Clinical, Commerce_guided_search, Commerce_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_calendar_server, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_converged_application_server_\-_service_controller, Communications_convergence, Communications_convergent_charging_controller, Communications_data_model, Communications_design_studio, Communications_diameter_signaling_route, Communications_eagle_application_processor, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_metasolv_solution, Communications_network_charging_and_control, Communications_network_integrity, Communications_offline_mediation_controller, Communications_operations_monitor, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_border_controller, Communications_unified_inventory_management, Communications_webrtc_session_controller, Data_integrator, Database_server, Demantra_demand_management, Documaker, E\-Business_suite, Enterprise_communications_broker, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Essbase_administration_services, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Financial_services_foreign_account_tax_compliance_act_management, Financial_services_model_management_and_governance, Financial_services_trade\-Based_anti_money_laundering, Flexcube_investor_servicing, Flexcube_private_banking, Fujitsu_m10\-1_firmware, Fujitsu_m10\-4_firmware, Fujitsu_m10\-4s_firmware, Fujitsu_m12\-1_firmware, Fujitsu_m12\-2_firmware, Fujitsu_m12\-2s_firmware, Fusion_middleware, Fusion_middleware_mapviewer, Goldengate, Goldengate_application_adapters, Graalvm, Graph_server_and_client, Health_sciences_clinical_development_analytics, Health_sciences_inform_crf_submit, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_shipboard_property_management_system, Hospitality_opera_5_property_services, Hospitality_reporting_and_analytics, Hospitality_suite8, Http_server, Hyperion_financial_management, Hyperion_ilearning, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration, Insurance_policy_administration_j2ee, Insurance_rules_palette, Java_se, Jd_edwards_enterpriseone_orchestrator, Jdk, Managed_file_transfer, Mysql_cluster, Mysql_connectors, Mysql_server, Mysql_workbench, Nosql_database, Oss_support_tools, Peoplesoft_enterprise_cs_sa_integration_pack, Peoplesoft_enterprise_people_tools, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_analytics, Primavera_data_warehouse, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_p6_professional_project_management, Primavera_portfolio_management, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Real_user_experience_insight, Rest_data_services, Retail_allocation, Retail_analytics, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_fiscal_management, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_size_profile_optimization, Retail_xstore_point_of_service, Sd\-Wan_aware, Sd\-Wan_edge, Secure_backup, Siebel_applications, Solaris, Spatial_studio, Thesaurus_management_system, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator, Vm_virtualbox, Webcenter_portal, Weblogic_server, Zfs_storage_appliance_kit, Zfs_storage_application_integration_engineering_software, Fuse, Hibernate_validator, Jboss_data_grid, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On 6.1
2019-12-20 CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Bookkeeper, Log4j, Ubuntu_linux, Debian_linux, Oncommand_system_manager, Oncommand_workflow_automation, Leap, Application_testing_suite, Communications_network_integrity, Endeca_information_discovery_studio, Financial_services_lending_and_leasing, Mysql_enterprise_monitor, Primavera_gateway, Rapid_planning, Retail_extract_transform_and_load, Retail_service_backbone, Weblogic_server 9.8
2020-01-17 CVE-2020-5398 In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. Data_availability_services, Snapcenter, Application_testing_suite, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_policy, Communications_diameter_signaling_router, Communications_element_manager, Communications_policy_management, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_regulatory_reporting_with_agilereporter, Flexcube_private_banking, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Insurance_rules_palette, Mysql, Rapid_planning, Retail_assortment_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_financial_integration, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_returns_management, Retail_service_backbone, Siebel_engineering_\-_installer_\&_deployment, Weblogic_server, Spring_framework 7.5
2020-05-01 CVE-2020-10683 dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Ubuntu_linux, Dom4j, Oncommand_api_services, Oncommand_workflow_automation, Snap_creator_framework, Snapcenter, Snapmanager, Leap, Agile_plm, Application_testing_suite, Banking_platform, Business_process_management_suite, Communications_application_session_controller, Communications_diameter_signaling_router, Communications_unified_inventory_management, Data_integrator, Documaker, Endeca_information_discovery_integrator, Enterprise_data_quality, Enterprise_manager_base_platform, Financial_services_analytical_applications_infrastructure, Flexcube_core_banking, Fusion_middleware, Health_sciences_empirica_signal, Health_sciences_information_manager, Insurance_policy_administration_j2ee, Insurance_rules_palette, Jdeveloper, Primavera_p6_enterprise_project_portfolio_management, Rapid_planning, Retail_customer_management_and_segmentation_foundation, Retail_integration_bus, Retail_order_broker, Retail_price_management, Retail_xstore_point_of_service, Storagetek_tape_analytics_sw_tool, Utilities_framework, Webcenter_portal 9.8
2020-05-14 CVE-2020-1945 Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. Ant, Ubuntu_linux, Fedora, Leap, Agile_engineering_data_management, Banking_enterprise_collections, Banking_liquidity_management, Banking_platform, Business_process_management_suite, Category_management_planning_\&_optimization, Communications_asap, Communications_diameter_signaling_router, Communications_metasolv_solution, Communications_order_and_service_management, Data_integrator, Endeca_information_discovery_studio, Enterprise_manager_ops_center, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Flexcube_investor_servicing, Flexcube_private_banking, Health_sciences_information_manager, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_data_extractor_for_merchandising, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_item_planning, Retail_macro_space_optimization, Retail_merchandise_financial_planning, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_regular_price_optimization, Retail_replenishment_optimization, Retail_returns_management, Retail_service_backbone, Retail_size_profile_optimization, Retail_store_inventory_management, Retail_xstore_point_of_service, Timesten_in\-Memory_database, Utilities_framework 6.3
2019-06-19 CVE-2019-2729 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).... Communications_diameter_signaling_router, Communications_network_integrity, Hyperion_infrastructure_technology, Identity_manager, Peoplesoft_enterprise_peopletools, Rapid_planning, Storagetek_tape_analytics_sw_tool, Tape_library_acsls, Weblogic_server 9.8
2020-01-15 CVE-2020-2555 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).... Coherence, Commerce_platform, Communications_diameter_signaling_router, Healthcare_data_repository, Rapid_planning, Retail_assortment_planning, Utilities_framework, Webcenter_portal 9.8
2020-01-17 CVE-2020-5397 Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome... Application_testing_suite, Communications_brm_\-_elastic_charging_engine, Communications_diameter_signaling_router, Communications_element_manager, Communications_policy_management, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_regulatory_reporting_with_agilereporter, Flexcube_private_banking, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Insurance_rules_palette, Mysql_enterprise_monitor, Rapid_planning, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_financial_integration, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_returns_management, Retail_service_backbone, Weblogic_server, Spring_framework 5.3
2018-04-06 CVE-2018-1271 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_policy_management, Communications_services_gatekeeper, Enterprise_manager_ops_center, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_rules_palette, Primavera_gateway, Rapid_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_integration_bus, Retail_open_commerce_platform, Retail_order_broker, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_returns_management, Retail_xstore_point_of_service, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Spring_framework 5.9