CVE-2020-2546
CVE-2020-2546 affects Oracle WebLogic Server (Oracle Fusion Middleware), specifically the Application Container - JavaEE component. Affected versions are 10.3.6.0.0 and 12.1.3.0.0. The vulnerability enables an unauthenticated attacker with network access via T3 to compromise WebLogic Server, with...
CVE-2020-2546
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Application Container - JavaEE. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...
Oracle WebLogic Server Multiple Remote Security Vulnerabilities
Description: Oracle WebLogic Server is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over multiple protocols. The 'WLS Core Components' and 'Application Container - JavaEE' components are affected. These vulnerabilities affect the following supported...
Oracle WebLogic Server Component Access Control Error Vulnerability (CNVD-2019-27104)
Oracle Fusion Middleware, the digital business platform for enterprise and cloud computing, is a comprehensive middleware product family that enables organizations to create and run agile, intelligent business applications and maximize IT efficiency by leveraging modern hardware and software...
CVE-2019-9823
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...
Design/Logic Flaw
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...
UBUNTU-CVE-2019-9823
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...
CVE-2019-9823
CVE-2019-9823 affects several JetBrains IntelliJ IDEA versions where creating remote run configurations for JavaEE application servers causes a cleartext record of server credentials to be saved in IDE configuration files. The root cause is cleartext storage of credentials within IDEA configurati...
Security update for java-11-openjdk (important)
openSUSE Security Update: Security update for java-11-openjdk. Announcement ID: openSUSE-SU-2019:0161-1; Rating: important; References: 1120431 1122293 1122299; Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426; Affected Products: openSUSE Leap 15.0. An update that fixes three vulnerabilitie...
Oracle WebLogic Server Multiple Vulnerabilities (January 2019 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read...
Design/Logic Flaw
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Application Container - JavaEE. The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2019-2441
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Application Container - JavaEE. The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2019-2441
CVE-2019-2441 affects Oracle WebLogic Server 12.2.1.3 (Application Container - JavaEE). The vulnerability allows unauthenticated, network-based attackers to access WebLogic via HTTP and read a subset of data; CVSS v3.0 base score 5.3 (confidentiality impact: low). Connected sources confirm the af...
Struts2 remote code execution vulnerability: detection principle and code-level implementation - vulnerability warning - the black bar safety net
Laboratory evan-css analyzes the recently very popular Struts2 vulnerability. Everyone should have heard of the recent, very popular Struts2 vulnerability; if you haven't, it doesn't matter, because this vulnerability can be described with a one-sentence summary: vulnerability is...