Product:

Weblogic_server

(Oracle)
Repositories https://github.com/bcgit/bc-java
https://github.com/jquery/jquery
https://github.com/jquery/jquery-ui
#Vulnerabilities 298
Date Id Summary Products Score Patch Annotated
2021-01-20 CVE-2021-2033 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1... Weblogic_server N/A
2021-01-20 CVE-2021-2047 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).... Weblogic_server N/A
2021-01-20 CVE-2021-2064 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector:... Weblogic_server N/A
2021-01-20 CVE-2021-2075 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and... Weblogic_server N/A
2021-01-20 CVE-2021-2108 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector:... Weblogic_server N/A
2021-01-20 CVE-2021-2109 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and... Weblogic_server N/A
2021-02-18 CVE-2020-28491 This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. Jackson\-Dataformats\-Binary, Weblogic_server, Quarkus 7.5
2021-02-23 CVE-2021-27568 An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. Json\-Smart\-V1, Json\-Smart\-V2, Communications_cloud_native_core_policy, Oss_support_tools, Peoplesoft_enterprise_peopletools, Utilities_framework, Weblogic_server 5.9
2021-03-23 CVE-2021-21347 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have... Debian_linux, Fedora, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server, Xstream 9.8
2021-03-23 CVE-2021-21350 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. Debian_linux, Fedora, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server, Xstream 9.8