Enterprise Repository

enterprise_repository

Vendor: Oracle • 21 CVEs

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-36374 2Apache Oracle 36Agile Engineering Data Management Agile PlmAnt+33 more Nov 21, 2024 Jul 14, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to dis...Show more When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.Show less
CVE-2021-36373 2Apache Oracle 32Agile Plm AntBanking Trade Finance+29 more Nov 21, 2024 Jul 14, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds usi...Show more When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.Show less
CVE-2020-11987 4Apache DebianFedoraproject+1 more 22Agile Engineering Data Management Banking ApisBanking Digital Experience+19 more Nov 3, 2025 Feb 24, 2021 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the...Show more Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.Show less
CVE-2021-1994 1Oracle 2Enterprise Repository Weblogic Server Nov 21, 2024 Jan 20, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unaut...Show more Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).Show less
CVE-2019-17566 2Apache Oracle 18Api Gateway BatikBusiness Intelligence+15 more Nov 21, 2024 Nov 12, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause...Show more Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.Show less
CVE-2020-11979 4Apache FedoraprojectGradle+1 more 37Agile Engineering Data Management AntApi Gateway+34 more Nov 21, 2024 Oct 1, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file...Show more As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.Show less
CVE-2020-11998 2Apache Oracle 7Activemq Communications Diameter Signaling RouterCommunications Element Manager+4 more Nov 21, 2024 Sep 10, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open t...Show more A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13Show less
CVE-2020-11994 2Apache Oracle 4Camel Communications Diameter Signaling RouterEnterprise Manager Base Platform+1 more Nov 21, 2024 Jul 8, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Server-Side Template Injection and arbitrary file disclosure on Camel templating components
CVE-2020-1941 2Apache Oracle 7Activemq Communications Diameter Signaling RouterCommunications Element Manager+4 more Nov 21, 2024 May 14, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
CVE-2020-1945 5Apache CanonicalFedoraproject+2 more 50Agile Engineering Data Management AntBanking Enterprise Collections+47 more Nov 21, 2024 May 14, 2020 N/A· v4 6.3 MEDIUM· v3 3.3 LOW· v2 Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replacer...Show more Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.Show less
CVE-2019-12415 2Apache Oracle 27Application Testing Suite Banking Enterprise OriginationsBanking Enterprise Product Manufacturing+24 more Nov 21, 2024 Oct 23, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from intern...Show more In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.Show less
CVE-2019-2904 1Oracle 22Application Testing Suite Banking Enterprise CollectionsBanking Enterprise Originations+19 more Nov 21, 2024 Oct 16, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability...Show more Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).Show less
CVE-2019-0188 2Apache Oracle 5Camel Enterprise Data QualityEnterprise Manager Base Platform+2 more Nov 21, 2024 May 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
CVE-2019-0222 4Apache DebianNetapp+1 more 8Activemq Communications Diameter Signaling RouterDebian Linux+5 more Nov 21, 2024 Mar 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
CVE-2018-3246 1Oracle 9Banking Platform Business Process Management SuiteCommunications Converged Application Server+6 more Nov 21, 2024 Oct 17, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allow...Show more Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).Show less
CVE-2018-11775 2Apache Oracle 3Activemq Enterprise RepositoryFlexcube Private Banking Nov 21, 2024 Sep 10, 2018 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ serv...Show more TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.Show less
CVE-2018-1000613 4Bouncycastle NetappOpensuse+1 more 24Api Gateway Banking PlatformBc Java+21 more May 12, 2025 Jul 9, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vuln...Show more Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.Show less
CVE-2018-1000180 5Bouncycastle DebianNetapp+2 more 20Api Gateway Bc JavaBusiness Process Management Suite+17 more May 12, 2025 Jun 5, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have l...Show more Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.Show less
CVE-2018-8013 4Apache CanonicalDebian+1 more 21Batik Business IntelligenceCommunications Diameter Signaling Router+18 more Nov 21, 2024 May 24, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was t...Show more In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.Show less
CVE-2018-1258 5Netapp OraclePivotal Software+2 more 42Agile Plm Application Testing SuiteBig Data Discovery+39 more Nov 21, 2024 May 11, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to met...Show more Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.Show less

12 Next