Siebel_ui_framework - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Siebel_ui_framework
(Oracle)

Repositories	• https://github.com/jquery/jquery • https://github.com/FasterXML/jackson-databind • https://github.com/jquery/jquery-ui
#Vulnerabilities	53

Date	Id	Summary	Products	Score	Patch	Annotated
2018-08-02	CVE-2018-8032	Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.	Axis, Debian_linux, Agile_engineering_data_management, Agile_product_lifecycle_management, Application_testing_suite, Big_data_discovery, Communications_asap_cartridges, Communications_design_studio, Communications_element_manager, Communications_network_integrity, Communications_order_and_service_management, Communications_session_report_manager, Communications_session_route_manager, Endeca_information_discovery_studio, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Financial_services_analytical_applications_infrastructure, Financial_services_compliance_regulatory_reporting, Financial_services_funds_transfer_pricing, Flexcube_core_banking, Flexcube_private_banking, Hospitality_guest_access, Instantis_enterprisetrack, Internet_directory, Knowledge, Peoplesoft_enterprise_human_capital_management_human_resources, Peoplesoft_enterprise_peopletools, Policy_automation_connector_for_siebel, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_order_broker, Retail_xstore_point_of_service, Secure_global_desktop, Siebel_ui_framework, Tuxedo, Webcenter_portal	6.1
2019-05-01	CVE-2019-0227	A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.	Axis, Agile_engineering_data_management, Agile_product_lifecycle_management, Application_testing_suite, Big_data_discovery, Communications_asap_cartridges, Communications_design_studio, Communications_element_manager, Communications_network_integrity, Communications_order_and_service_management, Communications_session_report_manager, Communications_session_route_manager, Endeca_information_discovery_studio, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Financial_services_analytical_applications_infrastructure, Financial_services_compliance_regulatory_reporting, Financial_services_funds_transfer_pricing, Flexcube_core_banking, Flexcube_private_banking, Hospitality_guest_access, Instantis_enterprisetrack, Internet_directory, Knowledge, Peoplesoft_enterprise_human_capital_management_human_resources, Peoplesoft_enterprise_peopletools, Policy_automation_connector_for_siebel, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_order_broker, Retail_xstore_point_of_service, Secure_global_desktop, Siebel_ui_framework, Tuxedo, Webcenter_portal	7.5
2020-02-24	CVE-2020-1938	When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses....	Geode, Tomcat, Good_control, Workspaces_server, Debian_linux, Fedora, Data_availability_services, Oncommand_system_manager, Leap, Agile_engineering_data_management, Agile_plm, Communications_element_manager, Communications_instant_messaging_server, Health_sciences_empirica_inspections, Health_sciences_empirica_signal, Hospitality_guest_access, Instantis_enterprisetrack, Mysql_enterprise_monitor, Siebel_ui_framework, Transportation_management, Workload_manager	9.8
2020-01-15	CVE-2020-2559	Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector:...	Siebel_ui_framework	5.3
2020-01-15	CVE-2020-2560	Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of...	Siebel_ui_framework	4.7
2020-01-15	CVE-2020-2564	Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector:...	Siebel_ui_framework	5.3
2020-02-24	CVE-2020-1935	In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.	Tomcat, Ubuntu_linux, Debian_linux, Data_availability_services, Oncommand_system_manager, Leap, Agile_engineering_data_management, Agile_product_lifecycle_management, Communications_element_manager, Communications_instant_messaging_server, Health_sciences_empirica_inspections, Health_sciences_empirica_signal, Hospitality_guest_access, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Mysql_enterprise_monitor, Retail_order_broker, Siebel_ui_framework, Transportation_management, Workload_manager	4.8
2020-04-15	CVE-2020-2738	Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE). Supported versions that are affected are 20.2 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector:...	Siebel_ui_framework	4.3
2020-04-27	CVE-2020-9488	Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1	Log4j, Debian_linux, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_eagle_ftp_table_base_retrieval, Communications_offline_mediation_controller, Communications_services_gatekeeper, Communications_unified_inventory_management, Data_integrator, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Flexcube_core_banking, Flexcube_private_banking, Health_sciences_information_manager, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration_j2ee, Insurance_rules_palette, Jd_edwards_world_security, Oracle_goldengate_application_adapters, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_unifier, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_insights_cloud_service_suite, Retail_integration_bus, Retail_order_broker_cloud_service, Retail_predictive_application_server, Retail_xstore_point_of_service, Siebel_apps_\-_marketing, Siebel_ui_framework, Spatial_and_graph, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Utilities_framework, Weblogic_server, Reload4j	3.7
2020-05-20	CVE-2020-9484	When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be...	Tomcat, Ubuntu_linux, Debian_linux, Fedora, Epolicy_orchestrator, Leap, Agile_engineering_data_management, Agile_plm, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_diameter_signaling_router, Communications_element_manager, Communications_instant_messaging_server, Communications_session_report_manager, Communications_session_route_manager, Database, Fmw_platform, Hospitality_guest_access, Instantis_enterprisetrack, Managed_file_transfer, Mysql_enterprise_monitor, Retail_order_broker, Siebel_apps_\-_marketing, Siebel_ui_framework, Transportation_management, Workload_manager	7.0