Webcenter Portal

webcenter_portal

Vendor: Oracle • 90 CVEs

CVEs (90)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-3254 1Oracle 1Webcenter Portal Nov 21, 2024 Oct 17, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vuln...Show more Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).Show less
CVE-2018-3246 1Oracle 9Banking Platform Business Process Management SuiteCommunications Converged Application Server+6 more Nov 21, 2024 Oct 17, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allow...Show more Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).Show less
CVE-2018-8032 3Apache DebianOracle 38Agile Engineering Data Management Agile Product Lifecycle ManagementApplication Testing Suite+35 more May 8, 2025 Aug 2, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2018-3101 1Oracle 1Webcenter Portal Nov 21, 2024 Jul 18, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vuln...Show more Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).Show less
CVE-2018-1000613 4Bouncycastle NetappOpensuse+1 more 24Api Gateway Banking PlatformBc Java+21 more May 12, 2025 Jul 9, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vuln...Show more Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.Show less
CVE-2018-1000180 5Bouncycastle DebianNetapp+2 more 20Api Gateway Bc JavaBusiness Process Management Suite+17 more May 12, 2025 Jun 5, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have l...Show more Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.Show less
CVE-2017-7525 5Debian FasterxmlNetapp+2 more 21Banking Platform Communications Billing And Revenue ManagementCommunications Communications Policy Management+18 more Nov 21, 2024 Feb 6, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to t...Show more A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.Show less
CVE-2017-15095 5Debian FasterxmlNetapp+2 more 24Banking Platform ClusterwareCommunications Billing And Revenue Management+21 more Nov 21, 2024 Feb 6, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readV...Show more A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.Show less
CVE-2018-2713 1Oracle 1Webcenter Portal Nov 21, 2024 Jan 18, 2018 N/A· v4 8.2 HIGH· v3 5.8 MEDIUM· v2 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily expl...Show more Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N).Show less
CVE-2017-15707 3Apache NetappOracle 12Agile Plm Framework Enterprise Manager For VirtualizationFinancial Services Hedge Management And Ifrs Valuations+9 more May 13, 2026 Dec 1, 2017 N/A· v4 6.2 MEDIUM· v3 5.0 MEDIUM· v2 In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

Previous 1 2 3 45