2017-10-04
|
CVE-2017-12617
|
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
|
Tomcat, Ubuntu_linux, Debian_linux, Active_iq_unified_manager, Element, Oncommand_balance, Oncommand_insight, Oncommand_shift, Oncommand_workflow_automation, Snapcenter, Agile_plm, Communications_instant_messaging_server, Endeca_information_discovery_integrator, Enterprise_manager_for_mysql_database, Financial_services_analytical_applications_infrastructure, Fmw_platform, Health_sciences_empirica_inspections, Hospitality_guest_access, Instantis_enterprisetrack, Management_pack, Micros_lucas, Micros_retail_xbri_loss_prevention, Mysql_enterprise_monitor, Retail_advanced_inventory_planning, Retail_back_office, Retail_central_office, Retail_convenience_and_fuel_pos_software, Retail_eftlink, Retail_insights, Retail_invoice_matching, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_price_management, Retail_returns_management, Retail_store_inventory_management, Retail_xstore_point_of_service, Transportation_management, Tuxedo_system_and_applications_monitor, Webcenter_sites, Workload_manager, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Fuse, Jboss_enterprise_application_platform, Jboss_enterprise_web_server, Jboss_enterprise_web_server_text\-Only_advisories
|
8.1
|
|
|
2018-01-18
|
CVE-2015-9251
|
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
|
Jquery, Agile_product_lifecycle_management_for_process, Banking_platform, Business_process_management_suite, Communications_converged_application_server, Communications_interactive_session_recorder, Communications_services_gatekeeper, Communications_webrtc_session_controller, Endeca_information_discovery_studio, Enterprise_manager_ops_center, Enterprise_operations_monitor, Financial_services_analytical_applications_infrastructure, Financial_services_asset_liability_management, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_liquidity_risk_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_profitability_management, Financial_services_reconciliation_framework, Fusion_middleware_mapviewer, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_fleet_management, Hospitality_guest_access, Hospitality_materials_control, Hospitality_reporting_and_analytics, Insurance_insbridge_rating_and_underwriting, Jd_edwards_enterpriseone_tools, Jdeveloper, Oss_support_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Real\-Time_scheduler, Retail_allocation, Retail_customer_insights, Retail_invoice_matching, Retail_sales_audit, Retail_workforce_management_software, Service_bus, Siebel_ui_framework, Utilities_framework, Utilities_mobile_workforce_management, Webcenter_sites, Weblogic_server
|
6.1
|
|
|
2018-10-18
|
CVE-2018-15756
|
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of...
|
Debian_linux, Agile_plm, Communications_brm_\-_elastic_charging_engine, Communications_converged_application_server_\-_service_controller, Communications_diameter_signaling_router, Communications_element_manager, Communications_online_mediation_controller, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_manager_for_fusion_applications, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Flexcube_private_banking, Goldengate_application_adapters, Healthcare_master_person_index, Identity_manager_connector, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Insurance_rules_palette, Mysql_enterprise_monitor, Primavera_analytics, Primavera_gateway, Rapid_planning, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_clearance_optimization_engine, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_markdown_optimization, Retail_order_broker, Retail_predictive_application_server, Retail_service_backbone, Retail_xstore_point_of_service, Tape_library_acsls, Webcenter_sites, Weblogic_server, Spring_framework
|
7.5
|
|
|
2019-08-20
|
CVE-2019-10086
|
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
|
Commons_beanutils, Nifi, Debian_linux, Fedora, Leap, Agile_plm, Agile_product_lifecycle_management_integration_pack, Application_testing_suite, Banking_platform, Blockchain_platform, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_console, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergence, Communications_design_studio, Communications_evolved_communications_application_server, Communications_metasolv_solution, Communications_network_integrity, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_unified_inventory_management, Customer_management_and_segmentation_foundation, Enterprise_manager_for_virtualization, Financial_services_revenue_management_and_billing_analytics, Flexcube_private_banking, Fusion_middleware, Healthcare_foundation, Hospitality_opera_5, Hospitality_reporting_and_analytics, Insurance_data_gateway, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Peoplesoft_enterprise_pt_peopletools, Primavera_gateway, Real\-Time_decisions_solutions, Retail_advanced_inventory_planning, Retail_back_office, Retail_central_office, Retail_invoice_matching, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_xstore_point_of_service, Service_bus, Solaris_cluster, Time_and_labor, Utilities_framework, Weblogic_server, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_enterprise_application_platform
|
7.3
|
|
|
2019-11-08
|
CVE-2019-10219
|
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
|
Active_iq_unified_manager, Element, Management_services_for_element_software_and_netapp_hci, Snapcenter_plug\-In, Access_manager, Agile_engineering_data_management, Agile_plm, Agile_product_lifecycle_analytics, Agile_product_lifecycle_management_integration_pack, Airlines_data_model, Application_express, Application_performance_management, Application_testing_suite, Argus_analytics, Argus_insight, Argus_safety, Banking_apis, Banking_deposits_and_lines_of_credit_servicing, Banking_digital_experience, Banking_enterprise_default_management, Banking_enterprise_default_managment, Banking_loans_servicing, Banking_party_management, Banking_platform, Bi_publisher, Big_data_spatial_and_graph, Business_activity_monitoring, Business_intelligence, Business_process_management_suite, Clinical, Commerce_guided_search, Commerce_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_calendar_server, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_converged_application_server_\-_service_controller, Communications_convergence, Communications_convergent_charging_controller, Communications_data_model, Communications_design_studio, Communications_diameter_signaling_route, Communications_eagle_application_processor, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_metasolv_solution, Communications_network_charging_and_control, Communications_network_integrity, Communications_offline_mediation_controller, Communications_operations_monitor, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_border_controller, Communications_unified_inventory_management, Communications_webrtc_session_controller, Data_integrator, Database_server, Demantra_demand_management, Documaker, E\-Business_suite, Enterprise_communications_broker, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Essbase_administration_services, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Financial_services_foreign_account_tax_compliance_act_management, Financial_services_model_management_and_governance, Financial_services_trade\-Based_anti_money_laundering, Flexcube_investor_servicing, Flexcube_private_banking, Fujitsu_m10\-1_firmware, Fujitsu_m10\-4_firmware, Fujitsu_m10\-4s_firmware, Fujitsu_m12\-1_firmware, Fujitsu_m12\-2_firmware, Fujitsu_m12\-2s_firmware, Fusion_middleware, Fusion_middleware_mapviewer, Goldengate, Goldengate_application_adapters, Graalvm, Graph_server_and_client, Health_sciences_clinical_development_analytics, Health_sciences_inform_crf_submit, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_shipboard_property_management_system, Hospitality_opera_5_property_services, Hospitality_reporting_and_analytics, Hospitality_suite8, Http_server, Hyperion_financial_management, Hyperion_ilearning, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration, Insurance_policy_administration_j2ee, Insurance_rules_palette, Java_se, Jd_edwards_enterpriseone_orchestrator, Jdk, Managed_file_transfer, Mysql_cluster, Mysql_connectors, Mysql_server, Mysql_workbench, Nosql_database, Oss_support_tools, Peoplesoft_enterprise_cs_sa_integration_pack, Peoplesoft_enterprise_people_tools, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_analytics, Primavera_data_warehouse, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_p6_professional_project_management, Primavera_portfolio_management, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Real_user_experience_insight, Rest_data_services, Retail_allocation, Retail_analytics, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_fiscal_management, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_size_profile_optimization, Retail_xstore_point_of_service, Sd\-Wan_aware, Sd\-Wan_edge, Secure_backup, Siebel_applications, Solaris, Spatial_studio, Thesaurus_management_system, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator, Vm_virtualbox, Webcenter_portal, Weblogic_server, Zfs_storage_appliance_kit, Zfs_storage_application_integration_engineering_software, Fuse, Hibernate_validator, Jboss_data_grid, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On
|
6.1
|
|
|
2020-09-19
|
CVE-2020-5421
|
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
|
Oncommand_insight, Snap_creator_framework, Snapcenter, Commerce_guided_search, Communications_brm, Communications_design_studio, Communications_session_report_manager, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_data_quality, Financial_services_analytical_applications_infrastructure, Flexcube_private_banking, Fusion_middleware, Goldengate_application_adapters, Healthcare_master_person_index, Hyperion_infrastructure_technology, Insurance_policy_administration, Insurance_rules_palette, Mysql_enterprise_monitor, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Retail_assortment_planning, Retail_bulk_data_integration, Retail_customer_engagement, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_predictive_application_server, Retail_returns_management, Retail_service_backbone, Retail_xstore_point_of_service, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Weblogic_server, Spring_framework
|
6.5
|
|
|
2021-07-14
|
CVE-2021-36373
|
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
|
Ant, Agile_plm, Banking_trade_finance, Banking_treasury_management, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_order_and_service_management, Communications_unified_inventory_management, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Insurance_policy_administration, Primavera_gateway, Primavera_unifier, Real\-Time_decision_server, Retail_advanced_inventory_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_service_backbone, Retail_store_inventory_management, Retail_xstore_point_of_service, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator
|
5.5
|
|
|
2021-07-14
|
CVE-2021-36374
|
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
|
Ant, Agile_engineering_data_management, Agile_plm, Banking_trade_finance, Banking_treasury_management, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_diameter_intelligence_hub, Communications_order_and_service_management, Communications_unified_inventory_management, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Health_sciences_information_manager, Insurance_policy_administration, Primavera_gateway, Primavera_unifier, Product_lifecycle_analytics, Real\-Time_decision_server, Retail_advanced_inventory_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_service_backbone, Retail_store_inventory_management, Retail_xstore_point_of_service, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator
|
5.5
|
|
|
2021-12-18
|
CVE-2021-45105
|
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
|
Log4j, Debian_linux, Cloud_manager, Agile_engineering_data_management, Agile_plm, Agile_plm_mcad_connector, Autovue_for_agile_product_lifecycle_management, Banking_deposits_and_lines_of_credit_servicing, Banking_enterprise_default_management, Banking_loans_servicing, Banking_party_management, Banking_payments, Banking_platform, Banking_trade_finance, Banking_treasury_management, Business_intelligence, Communications_asap, Communications_billing_and_revenue_management, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_convergence, Communications_convergent_charging_controller, Communications_diameter_signaling_router, Communications_eagle_element_management_system, Communications_eagle_ftp_table_base_retrieval, Communications_element_manager, Communications_evolved_communications_application_server, Communications_interactive_session_recorder, Communications_ip_service_activator, Communications_messaging_server, Communications_network_charging_and_control, Communications_network_integrity, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Communications_user_data_repository, Communications_webrtc_session_controller, Data_integrator, E\-Business_suite, Enterprise_manager_base_platform, Enterprise_manager_for_peoplesoft, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Flexcube_universal_banking, Health_sciences_empirica_signal, Health_sciences_inform, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_master_person_index, Healthcare_translational_research, Hospitality_suite8, Hospitality_token_proxy_service, Hyperion_bi\+, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Hyperion_planning, Hyperion_profitability_and_cost_management, Hyperion_tax_provision, Identity_management_suite, Identity_manager_connector, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Managed_file_transfer, Management_cloud_engine, Mysql_enterprise_monitor, Payment_interface, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_data_extractor_for_merchandising, Retail_eftlink, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_store_inventory_management, Siebel_ui_framework, Sql_developer, Taleo_platform, Utilities_framework, Webcenter_portal, Webcenter_sites, Weblogic_server, 6bk1602\-0aa12\-0tp0_firmware, 6bk1602\-0aa22\-0tp0_firmware, 6bk1602\-0aa32\-0tp0_firmware, 6bk1602\-0aa42\-0tp0_firmware, 6bk1602\-0aa52\-0tp0_firmware, Email_security, Network_security_manager, Web_application_firewall
|
5.9
|
|
|
2019-10-02
|
CVE-2019-17091
|
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
|
Mojarra, Application_testing_suite, Banking_enterprise_product_manufacturing, Communications_diameter_signaling_router, Communications_network_integrity, Communications_unified_inventory_management, Enterprise_data_quality, Health_sciences_information_manager, Healthcare_data_repository, Mojarra_javaserver_faces, Primavera_p6_enterprise_project_portfolio_management, Rapid_planning, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_bulk_data_integration, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_service_backbone, Retail_store_inventory_management, Secure_global_desktop, Time_and_labor
|
6.1
|
|
|