Lucene search
K
OracleAccess Manager

20 matches found

CVE
CVE
added 2020/01/15 4:34 p.m.1340 views

CVE-2020-2555

CVE-2020-2555 (WebLogic/Coherence) : A deserialization vulnerability in Oracle Coherence (Fusion Middleware) enables unauthenticated remote code execution via the T3 protocol. Affected versions include Coherence 3.7.1.x, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The flaw originates from ReflectionExtra...

9.8CVSS9.1AI score0.97116EPSS
In wild
CVE
CVE
added 2022/01/19 11:21 a.m.827 views

CVE-2021-35587

CVE-2021-35587 affects Oracle Access Manager (OpenSSO Agent) in Oracle Fusion Middleware. Affected versions: 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0. The root cause is unauthenticated deserialization of untrusted data, enabling remote code execution and takeover of Oracle Access Manager. The connected...

9.8CVSS9.4AI score0.96284EPSS
In wild
CVE
CVE
added 2021/04/13 6:50 a.m.634 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wild
CVE
CVE
added 2019/11/08 2:46 p.m.296 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.84 views

CVE-2022-39412

The CVE-2022-39412 entry affects Oracle Fusion Middleware’s Oracle Access Manager (Admin Console) with the affected version 12.2.1.4.0 . The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to compromise Oracle Access Manager, potentially exposing or gaining complete...

7.5CVSS7.2AI score0.01704EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.76 views

CVE-2018-2739

CVE-2018-2739 affects Oracle Access Manager (Fusion Middleware) Web Server Plugin. Affected are 10.1.4.3.0, 11.1.2.3.0, and 12.2.1.3.0. The vulnerability enables unauthenticated, network-accessible access via HTTP to compromise Oracle APM, with attacks requiring user interaction. Impact can inclu...

9.3CVSS7.5AI score0.02332EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.74 views

CVE-2018-2587

CVE-2018-2587 affects Oracle Fusion Middleware — Oracle Access Manager, Web Server Plugin. Affected versions: 10.1.4.3.0, 11.1.2.3.0, 12.2.1.3.0. An unauthenticated, network-based attacker can access via HTTP, leading to unauthorized creation, deletion or modification of data, and unauthorized re...

6.5CVSS6.3AI score0.02048EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.74 views

CVE-2021-2358

CVE-2021-2358 affects Oracle Fusion Middleware Oracle Access Manager (Rest interfaces for Access Mgr), with affected version 11.1.2.3.0. Post-authentication impact: a high-privilege attacker who can reach Oracle Access Manager over HTTPS can gain unauthorized access to confidential data or data a...

4.9CVSS5.1AI score0.01586EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.72 views

CVE-2018-2879

The CVE-2018-2879 issue affects Oracle Access Manager (part of Oracle Fusion Middleware) specifically the Authentication Engine in versions 11.1.2.3.0 and 12.2.1.3.0. The root cause is a vulnerability that enables unauthenticated attackers with network access over HTTP to compromise Oracle Access...

9CVSS7.8AI score0.22154EPSS
CVE
CVE
added 2023/01/17 11:35 p.m.68 views

CVE-2023-21859

The CVE-2023-21859 entry concerns Oracle Access Manager (Authentication Engine) in Oracle Fusion Middleware. Affected version: 12.2.1.4.0. Root cause described as insufficient input validation in the Authentication Engine, enabling a high-privilege attacker with logon on the infrastructure to com...

4.4CVSS4.2AI score0.00227EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.66 views

CVE-2017-10262

CVE-2017-10262 affects Oracle Fusion Middleware’s Oracle Access Manager Web Server Plugin (component in 11.1.2.3.0). The vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager, potentially leading to unauthorized access to data across Or...

5.9CVSS6.1AI score0.01583EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.62 views

CVE-2022-39405

CVE-2022-39405 affects Oracle Fusion Middleware’s Oracle Access Manager (Authentication Engine) version 12.2.1.3.0. The vulnerability allows an unauthenticated attacker over HTTP to modify accessible Oracle Access Manager data (impact: data integrity). The connection documents confirm the affecte...

5.3CVSS5.1AI score0.01028EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.50 views

CVE-2020-2740

CVE-2020-2740 affects Oracle Fusion Middleware’s Oracle Access Manager, specifically the Authentication Engine. Affected versions are 11.1.2.3.0 and 12.2.1.3.0. The vulnerability allows a low-privileged, network-accessible attacker (via HTTP) to compromise data, with the attack requiring user int...

4.9CVSS4.1AI score0.0076EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.50 views

CVE-2020-2747

CVE-2020-2747 affects Oracle Access Manager (SSO Engine) in Oracle Fusion Middleware. A remote attacker with network access over HTTP and low privileges can exploit the flaw to update/insert/delete data or read restricted Oracle Access Manager data on affected versions 11.1.2.3.0 and 12.2.1.3.0; ...

5.4CVSS5AI score0.00712EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.46 views

CVE-2020-2745

CVE-2020-2745 affects Oracle Access Manager (Oracle Fusion Middleware, Federation component). Affected versions are 11.1.2.3.0 and 12.2.1.3.0. It is an unauthenticated, network-accessible vulnerability over HTTP that, per the description, can lead to a partial denial of service of Oracle Access M...

4.3CVSS3.9AI score0.01408EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.45 views

CVE-2017-10154

The CVE-2017-10154 vulnerability affects Oracle Fusion Middleware’s Oracle Access Manager (Web Server Plugin) in version 11.1.2.3.0. The issue allows an unauthenticated, network-accessible attacker (via HTTP) to read a subset of data due to a flaw in the Web Server Plugin, with CVSSv3.0 base scor...

5.3CVSS4.5AI score0.01944EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.25 views

CVE-2026-35313

Technical details for CVE-2026-35313 are not provided in the supplied documents. No information on affected products, components, vulnerable versions, or fixes is available here. Monitor for updates from official sources (e.g., Oracle security alerts).

9.9CVSS5.2AI score0.00411EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.19 views

CVE-2026-46812

Technical details are not publicly available in the provided documents. Monitor for updates from Oracle security alerts and CVE records to obtain affected products, vulnerable components, impact, and remediation.

6.1CVSS5.1AI score0.00245EPSS
CVE
CVE
added 2026/06/16 7:26 p.m.17 views

CVE-2026-35261

Technical details for CVE-2026-35261 are not publicly available in the provided documents. Monitor Oracle security alerts and CVE records for updates.

6.5CVSS5AI score0.00272EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.12 views

CVE-2026-35314

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-35314.

7.3CVSS5AI score0.00307EPSS