Jd Edwards Enterpriseone Tools

jd_edwards_enterpriseone_tools

Vendor: Oracle • 150 CVEs

CVEs (150)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-9546 4Debian FasterxmlNetapp+1 more 31Active Iq Unified Manager Agile PlmAutovue For Agile Product Lifecycle Management+28 more Apr 29, 2026 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
CVE-2019-20330 4Debian FasterxmlNetapp+1 more 30Active Iq Unified Manager Banking PlatformCommunications Billing And Revenue Management+27 more Nov 21, 2024 Jan 3, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVE-2019-17195 3Apache Connect2idOracle 15Communications Cloud Native Core Security Edge Protection Proxy Communications Pricing Design CenterData Integrator+12 more Nov 21, 2024 Oct 15, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
CVE-2019-17531 5Debian FasterxmlNetapp+2 more 22Banking Platform Communications Billing And Revenue ManagementCommunications Calendar Server+19 more Nov 21, 2024 Oct 12, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the se...Show more A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.Show less
CVE-2019-16943 6Debian FasterxmlFedoraproject+3 more 26Active Iq Unified Manager Banking PlatformCommunications Billing And Revenue Management+23 more Nov 21, 2024 Oct 1, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the se...Show more A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.Show less
CVE-2019-16942 6Debian FasterxmlFedoraproject+3 more 28Active Iq Unified Manager Banking PlatformCommunications Billing And Revenue Management+25 more Nov 21, 2024 Oct 1, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the se...Show more A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.Show less
CVE-2019-10086 6Apache DebianFedoraproject+3 more 60Agile Plm Agile Product Lifecycle Management Integration PackApplication Testing Suite+57 more Nov 21, 2024 Aug 20, 2019 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, howev...Show more In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.Show less
CVE-2019-14439 6Apache DebianFasterxml+3 more 18Banking Platform Communications Diameter Signaling RouterCommunications Instant Messaging Server+15 more Nov 21, 2024 Jul 30, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint...Show more A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.Show less
CVE-2019-14379 7Apple DebianFasterxml+4 more 24Active Iq Unified Manager Banking PlatformCommunications Diameter Signaling Router+21 more Nov 21, 2024 Jul 29, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code ex...Show more SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.Show less
CVE-2019-2564 1Oracle 1Jd Edwards Enterpriseone Tools Nov 21, 2024 Apr 23, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileg...Show more Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).Show less
CVE-2019-11358 11Backdropcms DebianDrupal+8 more 105Agile Product Lifecycle Management For Process Application ExpressApplication Service Level Management+102 more Nov 21, 2024 Apr 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ p...Show more jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.Show less
CVE-2018-12023 5Debian FasterxmlFedoraproject+2 more 11Automation Manager Debian LinuxDecision Manager+8 more Nov 21, 2024 Mar 21, 2019 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpa...Show more An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.Show less
CVE-2018-12022 5Debian FasterxmlFedoraproject+2 more 11Automation Manager Debian LinuxDecision Manager+8 more Nov 21, 2024 Mar 21, 2019 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database acce...Show more An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.Show less
CVE-2019-1559 13Canonical DebianF5+10 more 82A220 Firmware A320 FirmwareA800 Firmware+79 more Nov 21, 2024 Feb 27, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte r...Show more If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).Show less
CVE-2018-14718 5Debian FasterxmlNetapp+2 more 25Banking Platform Business Process Management SuiteCommunications Billing And Revenue Management+22 more Nov 21, 2024 Jan 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-15769 2Dell Oracle 12Application Testing Suite BsafeCommunications Analytics+9 more Nov 21, 2024 Nov 16, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Se...Show more RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.Show less
CVE-2018-11058 2Dell Oracle 13Application Testing Suite BsafeBsafe Crypto C+10 more Nov 21, 2024 Sep 14, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when pa...Show more RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.Show less
CVE-2018-11057 2Dell Oracle 12Application Testing Suite BsafeCommunications Analytics+9 more Nov 21, 2024 Aug 31, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryp...Show more RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.Show less
CVE-2018-11056 2Dell Oracle 13Application Testing Suite BsafeBsafe Crypto C+10 more Nov 21, 2024 Aug 31, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability whe...Show more RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.Show less
CVE-2018-11055 2Dell Oracle 12Application Testing Suite BsafeCommunications Analytics+9 more Nov 21, 2024 Aug 31, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in...Show more RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.Show less

Previous 1...4 567 8 Next