Access Manager Security Vulnerabilities


CVE-2017-10154

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager...

CVSS: 5.3

AI Score: 4.5

EPSS: 0.002

2017-10-19 05:29 PM
28

CVE-2017-10262

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Mana...

CVSS: 5.9

AI Score: 6.1

EPSS: 0.002

2018-01-18 02:29 AM
45

CVE-2018-2587

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to comp...

CVSS: 6.5

AI Score: 6.3

EPSS: 0.002

2018-04-19 02:29 AM
45
3

CVE-2018-2739

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compro...

CVSS: 9.3

AI Score: 7.5

EPSS: 0.001

2018-04-19 02:29 AM
53

CVE-2018-2879

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise O...

CVSS: 9

AI Score: 7.8

EPSS: 0.012

2018-04-19 02:29 AM
51

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

CVSS: 6.1

AI Score: 6

EPSS: 0.002

2019-11-08 03:15 PM
181
6

CVE-2020-2740

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Ac...

CVSS: 4.6

AI Score: 4.1

EPSS: 0.001

2020-04-15 02:15 PM
28

CVE-2020-2745

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manag...

CVSS: 4.3

AI Score: 3.9

EPSS: 0.001

2020-04-15 02:15 PM
26

CVE-2020-2747

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manage...

CVSS: 5.4

AI Score: 5

EPSS: 0.001

2020-04-15 02:15 PM
29

CVE-2021-2358

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Acces...

CVSS: 4.9

AI Score: 5.1

EPSS: 0.001

2021-07-21 03:15 PM
44

CVE-2021-29425

In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal),...

CVSS: 4.8

AI Score: 5.5

EPSS: 0.002

2021-04-13 07:15 AM
355
In Wild
26

CVE-2021-35587

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

CVSS: 9.8

AI Score: 9.4

EPSS: 0.947

2022-01-19 12:15 PM
567
In Wild
6

CVE-2022-39405

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager....

CVSS: 5.3

AI Score: 5.1

EPSS: 0.001

2022-10-18 09:15 PM
29
2

CVE-2022-39412

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Success...

CVSS: 7.5

AI Score: 7.2

EPSS: 0.005

2022-10-18 09:15 PM
39
4

CVE-2023-21859

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Access Manager exec...

CVSS: 4.4

AI Score: 4.7

EPSS: 0.0004

2023-01-18 12:15 AM
46