Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2335)
Summary An Oracle database server vulnerability was addressed by IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2021-2335 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2334)
Summary An Oracle database server vulnerability was addressed in IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an authenticated...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2334)
Summary An Oracle database server vulnerability was addressed in IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2334)
Summary An Oracle database server vulnerability has been addressed in IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow ...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-2334)
Summary An Oracle database server vulnerability was addressed in IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2336)
Summary An Oracle database server vulnerability was addressed in IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2021-2336 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Mgmt (CVE-2021-2336)
Summary An Oracle database server vulnerability was addressed in IBM Emptoris Supplier Lifecycle Management. Vulnerability Details CVEID: CVE-2021-2336 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-2336)
Summary An Oracle database server vulnerability was addressed in IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2021-2336 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an...
CVE-2021-42064
If configured to use an Oracle database and if a query is created using the flexible search Java API with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows an attacker to execute crafted database queries, exposing the backend database. The vulnerability is present if th...
Code injection
If configured to use an Oracle database and if a query is created using the flexible search Java API with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows an attacker to execute crafted database queries, exposing the backend database. The vulnerability is present if th...
CVE-2021-42064
SAP Commerce (versions 1905, 2005, 2105, 2011) is vulnerable when configured to use Oracle DB and a query is built with the Flexible Search Java API using a parameterized IN clause that accepts more than 1000 values. The root cause is not explicitly described beyond this parameterized IN clause b...
SAP Commerce SQL Injection Vulnerability
SAP Commerce is a cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. SAP Commerce suffers from an SQL injection vulnerability that stems from the software's lack of effective filtering and...
Oracle Database Protection Mechanism Bypass Vulnerability
Due to insecure fallback behavior, a man-in-the-middle attacker can bypass NNE's protection against man-in-the-middle attacks and hijack authenticated connections. In some configurations, a full man-in-the-middle attack is possible. Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affecte...
Oracle Database Weak NNE Integrity Key Derivation Vulnerability
NNE's integrity protection mechanism deliberately weakens the key used for computing per-packet message authentication codes (MACs). Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected. Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions:...
Oracle Database Protection Mechanism Bypass
Advisory ID: SYSS-2021-061 Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 18c Vulnerability Type: Protection Mechanism Failure CWE-693 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-08-07 Public...
Oracle Database Weak NNE Integrity Key Derivation
Advisory ID: SYSS-2021-062 Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 18c Vulnerability Type: Inadequate Encryption Strength CWE-326 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-08-07...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2438)
Summary An Oracle Database Server security vulnerability has been addressed in IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2021-2438 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow an authenticated attacker to cause a...