Lucene search
+L
OracleAdvanced Supply Chain Planning

6 matches found

cve
cve
added 2021/12/14 12:0 a.m.1458 views

CVE-2021-4104

CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...

7.5CVSS9.4AI score0.81147EPSS
In wild
cve
cve
added 2022/01/18 3:25 p.m.872 views

CVE-2022-23302

CVE-2022-23302 affects Log4j 1.x JMSSink. TheDeserialization flaw allows remote code execution when an attacker can write to the Log4j configuration or when the configuration references an LDAP service the attacker controls. JMSSink can be triggered via a TopicConnectionFactoryBindingName to caus...

8.8CVSS9.3AI score0.61785EPSS
cve
cve
added 2022/01/18 3:25 p.m.820 views

CVE-2022-23307

CVE-2022-23307 concerns a deserialization vulnerability in the Chainsaw component of Apache Log4j 1.x (Chainsaw bundled with Log4j 1.2.x). The root cause is unsafe deserialization of untrusted data via Chainsaw, allowing potential code execution. Multiple Atlassian products initially bundled Chai...

9CVSS9.2AI score0.52458EPSS
cve
cve
added 2022/01/18 3:25 p.m.744 views

CVE-2022-23305

CVE-2022-23305 concerns Apache Log4j 1.x when configured with JDBCAppender: an SQL statement is built from a PatternLayout-converted value (notably %m), allowing an attacker to craft input to alter and potentially execute SQL. The issue is specific to Log4j 1.x if JDBCAppender is used; JDBCAppend...

9.8CVSS9.4AI score0.66537EPSS
Web
cve
cve
added 2021/04/22 9:53 p.m.60 views

CVE-2021-2253

CVE-2021-2253 affects Oracle Advanced Supply Chain Planning (Oracle Supply Chain) Core in versions 12.1 and 12.2. The vulnerability arises in the core component, enabling an unauthenticated attacker to compromise via HTTP over network access, potentially leading to unauthorized creation, deletion...

9.1CVSS8.5AI score0.01471EPSS
cve
cve
added 2016/10/25 2:0 p.m.39 views

CVE-2016-5599

CVE-2016-5599 affects Oracle Supply Chain Products Suite, specifically the Oracle Advanced Supply Chain Planning (ASCP) component versions 12.2.3–12.2.5. The vulnerability is described as an unspecified remote issue tied to the MscObieeSrvlt subcomponent that could compromise confidentiality and ...

9.1CVSS7.9AI score0.01956EPSS