Lucene search
K

150 matches found

CVE
CVE
added 2022/04/19 8:37 p.m.318 views

CVE-2022-21445

CVE-2022-21445 is a vulnerability in the Oracle Application Development Framework (ADF Faces) within Oracle Fusion Middleware. Affected are the JDeveloper-distributed ADF components for versions 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows unauthenticated, network-accessible attackers to e...

9.8CVSS9.5AI score0.62478EPSS
In wildExploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/04/19 8:37 p.m.26 views

CVE-2022-21445

...

9.8CVSS9.6AI score0.62478EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/04/19 8:37 p.m.56 views

CVE-2022-21445

...

9.8CVSS9.5AI score0.62478EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/19 12:0 a.m.22 views

CVE-2022-21445

Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

9.8CVSS7.5AI score0.62478EPSS
In wildExploits1References2
Hacker One
Hacker One
added 2021/12/10 2:36 p.m.24 views

U.S. Dept Of Defense: Wrong settings in ADF Faces leads to information disclosure

Hello, Team. Found some interesting links which leads to information disclosure in █████ Link 1: █████████████ Link 2: ██████████████████ Link 3: █████████████ Every link goes through https://██████to https://████ For Link 3 is possible to change data in the fields: First Name, Last Name, Phone...

6.5AI score
Exploits0
Veracode
Veracode
added 2020/12/06 3:32 a.m.21 views

Arbitrary Code Execution

unadf is vulnerable to arbitrary code execution. The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file...

8.8CVSS8.3AI score0.05282EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/11/02 12:0 a.m.120 views

Oracle JDeveloper XSS (October 2020 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by a cross-site scripting XSS vulnerability in the ADF Faces jQuery component. An unauthenticated, remote attacker can exploit this issue to compromise Oracle JDeveloper. Successf...

6.9CVSS6.5AI score0.99019EPSS
Exploits7References3
Check Point Advisories
Check Point Advisories
added 2020/04/27 12:0 a.m.30 views

Oracle JDeveloper ADF Faces Insecure Deserialization (CVE-2019-2904)

An insecure deserialization vulnerability exists in Oracle JDeveloper ADF Faces. This vulnerability is due to insufficient validation of HTTP requests...

7.5CVSS8.7AI score0.14264EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2019/12/19 12:0 a.m.180 views

Oracle ADF Faces Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle ADF Faces. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Remote Regions component. The issue results from the lack of proper validation of...

9.8CVSS4.2AI score0.14264EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/11/11 12:0 a.m.6 views

The vulnerability of the ADF Faces sub-component of the Oracle JDeveloper component and the ADF software platform of Oracle Fusion Middleware allows a perpetrator to gain full control over the application.

The vulnerability of the ADF Faces sub-component of the Oracle JDeveloper component and the ADF software platform of Oracle Fusion Middleware is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the...

10CVSS7.7AI score0.14264EPSS
Exploits0References5Affected Software21
Tenable Nessus
Tenable Nessus
added 2019/10/17 12:0 a.m.448 views

Oracle WebLogic Server Multiple Vulnerabilities (Oct 2019 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the jquery component of the Web Services of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized update, inser...

8.1CVSS6.9AI score0.87218EPSS
Exploits15References11
OSV
OSV
added 2019/10/16 6:15 p.m.4 views

CVE-2019-2899

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: OAM. Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromis...

2.4CVSS6.1AI score0.00882EPSS
Exploits0References2
OSV
OSV
added 2019/10/16 6:15 p.m.26 views

CVE-2019-2904

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

9.8CVSS7.5AI score0.14264EPSS
Exploits0References7
NVD
NVD
added 2019/10/16 6:15 p.m.27 views

CVE-2019-2899

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: OAM. Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromis...

3.5CVSS1.7AI score0.00882EPSS
Exploits0References2
NVD
NVD
added 2019/10/16 6:15 p.m.29 views

CVE-2019-2904

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

9.8CVSS9.3AI score0.14264EPSS
Exploits0References7
Prion
Prion
added 2019/10/16 6:15 p.m.16 views

Design/Logic Flaw

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: OAM. Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromis...

3.5CVSS3AI score0.00882EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2019/10/16 5:40 p.m.58 views

CVE-2019-2899

CVE-2019-2899 affects Oracle JDeveloper and ADF (OAM component) in Oracle Fusion Middleware. Affected versions: 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.3.0. The vulnerability is due to insufficient access control in OAM, allowing a high-privilege attacker with network access via HTTP to compro...

3.5CVSS3.1AI score0.00882EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/10/16 5:40 p.m.30 views

CVE-2019-2899

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: OAM. Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromis...

2.4CVSS3.3AI score0.00882EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/10/16 5:40 p.m.29 views

CVE-2019-2904

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

9.8CVSS9.2AI score0.14264EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2019/10/16 5:40 p.m.19 views

CVE-2019-2904

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

9.8CVSS7.3AI score0.14264EPSS
Exploits0References7
Rows per page
Query Builder