Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the...
8.6CVSS
7.6AI Score
0.001EPSS
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo....
5.3CVSS
5AI Score
0.001EPSS
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo....
10CVSS
8.3AI Score
0.004EPSS
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via Jolt to compromise Oracle Tuxedo. While....
9.9CVSS
7.4AI Score
0.009EPSS
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo....
7.5CVSS
6.3AI Score
0.001EPSS
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle...
7CVSS
6AI Score
0.01EPSS
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and...
5.9CVSS
6AI Score
0.024EPSS
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls...
7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE...
6.5AI Score
0.003EPSS
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE...
7.6AI Score
0.008EPSS
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and...
7.5AI Score
0.01EPSS
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote...
7.4AI Score
0.0004EPSS