20 matches found
CVE-2020-2555
CVE-2020-2555 (WebLogic/Coherence) : A deserialization vulnerability in Oracle Coherence (Fusion Middleware) enables unauthenticated remote code execution via the T3 protocol. Affected versions include Coherence 3.7.1.x, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The flaw originates from ReflectionExtra...
CVE-2021-35587
CVE-2021-35587 affects Oracle Access Manager (OpenSSO Agent) in Oracle Fusion Middleware. Affected versions: 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0. The root cause is unauthenticated deserialization of untrusted data, enabling remote code execution and takeover of Oracle Access Manager. The connected...
CVE-2021-29425
CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2022-39412
The CVE-2022-39412 entry affects Oracle Fusion Middleware’s Oracle Access Manager (Admin Console) with the affected version 12.2.1.4.0 . The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to compromise Oracle Access Manager, potentially exposing or gaining complete...
CVE-2018-2739
CVE-2018-2739 affects Oracle Access Manager (Fusion Middleware) Web Server Plugin. Affected are 10.1.4.3.0, 11.1.2.3.0, and 12.2.1.3.0. The vulnerability enables unauthenticated, network-accessible access via HTTP to compromise Oracle APM, with attacks requiring user interaction. Impact can inclu...
CVE-2018-2587
CVE-2018-2587 affects Oracle Fusion Middleware — Oracle Access Manager, Web Server Plugin. Affected versions: 10.1.4.3.0, 11.1.2.3.0, 12.2.1.3.0. An unauthenticated, network-based attacker can access via HTTP, leading to unauthorized creation, deletion or modification of data, and unauthorized re...
CVE-2021-2358
CVE-2021-2358 affects Oracle Fusion Middleware Oracle Access Manager (Rest interfaces for Access Mgr), with affected version 11.1.2.3.0. Post-authentication impact: a high-privilege attacker who can reach Oracle Access Manager over HTTPS can gain unauthorized access to confidential data or data a...
CVE-2018-2879
The CVE-2018-2879 issue affects Oracle Access Manager (part of Oracle Fusion Middleware) specifically the Authentication Engine in versions 11.1.2.3.0 and 12.2.1.3.0. The root cause is a vulnerability that enables unauthenticated attackers with network access over HTTP to compromise Oracle Access...
CVE-2023-21859
The CVE-2023-21859 entry concerns Oracle Access Manager (Authentication Engine) in Oracle Fusion Middleware. Affected version: 12.2.1.4.0. Root cause described as insufficient input validation in the Authentication Engine, enabling a high-privilege attacker with logon on the infrastructure to com...
CVE-2017-10262
CVE-2017-10262 affects Oracle Fusion Middleware’s Oracle Access Manager Web Server Plugin (component in 11.1.2.3.0). The vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager, potentially leading to unauthorized access to data across Or...
CVE-2022-39405
CVE-2022-39405 affects Oracle Fusion Middleware’s Oracle Access Manager (Authentication Engine) version 12.2.1.3.0. The vulnerability allows an unauthenticated attacker over HTTP to modify accessible Oracle Access Manager data (impact: data integrity). The connection documents confirm the affecte...
CVE-2020-2740
CVE-2020-2740 affects Oracle Fusion Middleware’s Oracle Access Manager, specifically the Authentication Engine. Affected versions are 11.1.2.3.0 and 12.2.1.3.0. The vulnerability allows a low-privileged, network-accessible attacker (via HTTP) to compromise data, with the attack requiring user int...
CVE-2020-2747
CVE-2020-2747 affects Oracle Access Manager (SSO Engine) in Oracle Fusion Middleware. A remote attacker with network access over HTTP and low privileges can exploit the flaw to update/insert/delete data or read restricted Oracle Access Manager data on affected versions 11.1.2.3.0 and 12.2.1.3.0; ...
CVE-2020-2745
CVE-2020-2745 affects Oracle Access Manager (Oracle Fusion Middleware, Federation component). Affected versions are 11.1.2.3.0 and 12.2.1.3.0. It is an unauthenticated, network-accessible vulnerability over HTTP that, per the description, can lead to a partial denial of service of Oracle Access M...
CVE-2017-10154
The CVE-2017-10154 vulnerability affects Oracle Fusion Middleware’s Oracle Access Manager (Web Server Plugin) in version 11.1.2.3.0. The issue allows an unauthenticated, network-accessible attacker (via HTTP) to read a subset of data due to a flaw in the Web Server Plugin, with CVSSv3.0 base scor...
CVE-2026-35313
Technical details for CVE-2026-35313 are not provided in the supplied documents. No information on affected products, components, vulnerable versions, or fixes is available here. Monitor for updates from official sources (e.g., Oracle security alerts).
CVE-2026-46812
Technical details are not publicly available in the provided documents. Monitor for updates from Oracle security alerts and CVE records to obtain affected products, vulnerable components, impact, and remediation.
CVE-2026-35261
Technical details for CVE-2026-35261 are not publicly available in the provided documents. Monitor Oracle security alerts and CVE records for updates.
CVE-2026-35314
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-35314.