|
2024-04-16
|
CVE-2024-20992
|
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional...
|
Webcenter_portal
|
N/A
|
|
|
|
2020-03-31
|
CVE-2020-11113
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
|
Debian_linux, Jackson\-Databind, Steelstore_cloud_integrated_storage, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Global_lifecycle_management_opatch, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_service_backbone, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server
|
8.8
|
|
|
|
2018-02-06
|
CVE-2017-15095
|
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
|
Debian_linux, Jackson\-Databind, Oncommand_balance, Oncommand_performance_manager, Oncommand_shift, Snapcenter, Banking_platform, Clusterware, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_instant_messaging_server, Database_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatchauto, Identity_manager, Jd_edwards_enterpriseone_tools, Primavera_unifier, Utilities_advanced_spatial_and_operational_analytics, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform, Satellite, Satellite_capsule
|
9.8
|
|
|
|
2018-02-06
|
CVE-2017-7525
|
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
|
Debian_linux, Jackson\-Databind, Oncommand_balance, Oncommand_performance_manager, Oncommand_shift, Snapcenter, Banking_platform, Communications_billing_and_revenue_management, Communications_communications_policy_management, Communications_diameter_signaling_route, Communications_instant_messaging_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatchauto, Primavera_unifier, Utilities_advanced_spatial_and_operational_analytics, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform, Virtualization, Virtualization_host
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14719
|
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Business_process_management_suite, Clusterware, Communications_billing_and_revenue_management, Database_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Jdeveloper, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_merchandising_system, Retail_workforce_management_software, Webcenter_portal, Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14718
|
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Business_process_management_suite, Communications_billing_and_revenue_management, Communications_instant_messaging_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Jdeveloper, Nosql_database, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_workforce_management_software, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Webcenter_portal, Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-19360
|
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Business_process_management_suite, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_workforce_management_software, Webcenter_portal, Automation_manager, Decision_manager, Jboss_bpm_suite, Jboss_brms, Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14720
|
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Banking_platform, Communications_billing_and_revenue_management, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Jdeveloper, Primavera_unifier, Retail_merchandising_system, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14721
|
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Banking_platform, Communications_billing_and_revenue_management, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Jdeveloper, Primavera_unifier, Retail_merchandising_system, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform
|
10.0
|
|
|
|
2019-01-02
|
CVE-2018-19361
|
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Business_process_management_suite, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_workforce_management_software, Webcenter_portal, Automation_manager, Decision_manager, Jboss_bpm_suite, Jboss_brms, Openshift_container_platform
|
9.8
|
|
|