148 matches found
CVE-2021-35587
CVE-2021-35587 affects Oracle Access Manager (OpenSSO Agent) in Oracle Fusion Middleware. Affected versions: 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0. The root cause is unauthenticated deserialization of untrusted data, enabling remote code execution and takeover of Oracle Access Manager. The connected...
Oracle Fusion Middleware Security Vulnerability
Oracle Access Manager, an Oracle company, provides innovative new services to complement traditional access management functionality. Oracle Access Manager is vulnerable due to an input validation error in the OpenSSO Agent component. An attacker could exploit this vulnerability to execute arbitra...
CVE-2019-14912
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie...
CVE-2019-14911
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS...
CVE-2019-14912
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie...
Cross site scripting
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS...
Open redirect
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie...
CVE-2019-14912
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie...
CVE-2019-14912
The CVE-2019-14912 entry concerns PRiSE adAS 1.7.0, where the OPENSSO module fails to validate the goto parameter, causing an open redirect that leaks the user session cookie. Multiple sources (NVD, Red Hat, CVE lists) confirm the affected product and the underlying cause. Exploitation details an...
CVE-2019-14911
CVE-2019-14911 affects PRiSE adAS 1.7.0 via the OPENSSO module, where output is not properly escaped on error, causing reflected XSS. Documented impact indicates network attack vector with user interaction not required in CVSS2/3.1 analysis; exploitation details are not provided in the available ...
CVE-2019-14911
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS...
Oracle OpenSSO 'Web Agents' DoS Vulnerability
Oracle OpenSSO is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:oracle:opensso";...
Unspecified Vulnerability in Oracle Fusion Middleware OpenSSO Component
Oracle OpenSSO is an open source single sign-on (SSO) implementation from Oracle (United States). It is deployed on a variety of web or application servers to provide centralized authentication capabilities for web applications. A security vulnerability exists in the OpenSSO Web...
CVE-2015-0451
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents...
CVE-2015-0451
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents...
Buffer overflow
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents...
CVE-2015-0451
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents...
CVE-2015-0451
The CVE-2015-0451 entry involves Oracle Fusion Middleware OpenSSO (Web Agents subcomponent) version 3.0-04. A vulnerability exists that could allow a remote authenticated user to read data and compromise confidentiality related to OpenSSO Web Agents. The connected CNVD record explicitly states th...
Oracle OpenSSO SAML Multiple Vulnerabilities (January 2015 CPU)
The remote Oracle OpenSSO component in the Oracle Fusion Middleware install is missing a vendor-supplied security update. It is, therefore, affected by multiple unspecified vulnerabilities in the SAML subcomponent. Note that these vulnerabilities are unspecified by Oracle but appear to be...
Unspecified Vulnerability in Oracle OpenSSO SAML Subpart (CNVD-2015-00551)
The OpenSSO project is an open source implementation of single sign-on (SSO) for web applications, deployed on different web or application servers to provide centralized authentication capabilities. The Oracle OpenSSO SAML subcomponent has a security vulnerability that allows remote attackers to exploit the...