|
2021-08-23
|
CVE-2021-39140
|
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18...
|
Debian_linux, Fedora, Snapmanager, Business_activity_monitoring, Commerce_guided_search, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_unified_inventory_management, Retail_xstore_point_of_service, Utilities_framework, Utilities_testing_accelerator, Webcenter_portal, Xstream
|
6.3
|
|
|
|
2021-08-23
|
CVE-2021-39150
|
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the...
|
Debian_linux, Fedora, Snapmanager, Business_activity_monitoring, Commerce_guided_search, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_unified_inventory_management, Retail_xstore_point_of_service, Utilities_framework, Utilities_testing_accelerator, Webcenter_portal, Xstream
|
8.5
|
|
|
|
2021-08-23
|
CVE-2021-39152
|
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the...
|
Debian_linux, Fedora, Snapmanager, Business_activity_monitoring, Commerce_guided_search, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_unified_inventory_management, Retail_xstore_point_of_service, Utilities_framework, Utilities_testing_accelerator, Webcenter_portal, Xstream
|
8.5
|
|
|
|
2019-07-23
|
CVE-2019-10173
|
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)
|
Banking_platform, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_diameter_signaling_router, Communications_unified_inventory_management, Endeca_information_discovery_studio, Retail_xstore_point_of_service, Utilities_framework, Webcenter_portal, Xstream
|
9.8
|
|
|
|
2020-12-18
|
CVE-2020-28052
|
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
|
Karaf, Bc\-Java, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_virtual_account_management, Blockchain_platform, Commerce_guided_search, Communications_application_session_controller, Communications_cloud_native_core_network_slice_selection_function, Communications_convergence, Communications_messaging_server, Communications_pricing_design_center, Communications_session_report_manager, Communications_session_route_manager, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Utilities_framework, Webcenter_portal
|
8.1
|
|
|
|
2020-01-15
|
CVE-2020-2555
|
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts)....
|
Access_manager, Coherence, Commerce_platform, Communications_diameter_signaling_router, Healthcare_data_repository, Rapid_planning, Retail_assortment_planning, Utilities_framework, Webcenter_portal
|
9.8
|
|
|
|
2020-04-27
|
CVE-2020-9488
|
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
|
Log4j, Debian_linux, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_eagle_ftp_table_base_retrieval, Communications_offline_mediation_controller, Communications_services_gatekeeper, Communications_unified_inventory_management, Data_integrator, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Flexcube_core_banking, Flexcube_private_banking, Health_sciences_information_manager, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration_j2ee, Insurance_rules_palette, Jd_edwards_world_security, Oracle_goldengate_application_adapters, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_unifier, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_insights_cloud_service_suite, Retail_integration_bus, Retail_order_broker_cloud_service, Retail_predictive_application_server, Retail_xstore_point_of_service, Siebel_apps_\-_marketing, Siebel_ui_framework, Spatial_and_graph, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Utilities_framework, Weblogic_server, Reload4j
|
3.7
|
|
|
|
2020-05-14
|
CVE-2020-1945
|
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
|
Ant, Ubuntu_linux, Fedora, Leap, Agile_engineering_data_management, Banking_enterprise_collections, Banking_liquidity_management, Banking_platform, Business_process_management_suite, Category_management_planning_\&_optimization, Communications_asap, Communications_diameter_signaling_router, Communications_metasolv_solution, Communications_order_and_service_management, Data_integrator, Endeca_information_discovery_studio, Enterprise_manager_ops_center, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Flexcube_investor_servicing, Flexcube_private_banking, Health_sciences_information_manager, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_data_extractor_for_merchandising, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_item_planning, Retail_macro_space_optimization, Retail_merchandise_financial_planning, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_regular_price_optimization, Retail_replenishment_optimization, Retail_returns_management, Retail_service_backbone, Retail_size_profile_optimization, Retail_store_inventory_management, Retail_xstore_point_of_service, Timesten_in\-Memory_database, Utilities_framework
|
6.3
|
|
|
|
2020-10-21
|
CVE-2020-14895
|
Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 - 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle...
|
Utilities_framework
|
N/A
|
|
|
|
2020-12-03
|
CVE-2020-25649
|
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
|
Iotdb, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Service_level_manager, Agile_plm, Agile_product_lifecycle_management_integration_pack, Banking_apis, Banking_platform, Banking_treasury_management, Blockchain_platform, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Goldengate_application_adapters, Health_sciences_empirica_signal, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Retail_service_backbone, Retail_xstore_point_of_service, Sd\-Wan_edge, Utilities_framework, Webcenter_portal, Quarkus
|
7.5
|
|
|