56 matches found
CVE-2020-1935
CVE-2020-1935 affects Apache Tomcat across multiple branches: 9.0.0.M1–9.0.30, 8.5.0–8.5.50, and 7.0.0–7.0.99. It stems from HTTP header parsing that can mishandle end-of-line and Transfer-Encoding, enabling HTTP Request Smuggling when Tomcat sits behind certain reverse proxies. Impact is informa...
CVE-2019-0227
The CVE-2019-0227 entry concerns an SSRF in Apache Axis 1.4 (last released in 2006). The connected IBM bulletins confirm Axis 1.x vulnerability details and state Axis 2 is the successor, with 1.7.9 (Axis2) being not vulnerable. Affected Axis 1.x components are legacy; remediation is to upgrade to...
CVE-2018-8032
CVE-2018-8032 affects Apache Axis 1.x (up to 1.4) with a cross-site scripting (XSS) vulnerability in the default servlet/services. This vulnerability is documented in IBM/PM security bulletins linked to Axis, confirming an XSS flaw (CWE-79) in Axis 1.x and indicating broader IBM product exposure....
CVE-2024-20953
CVE-2024-20953 affects Oracle Agile PLM (Supply Chain) 9.3.6, specifically the Export component. The Nessus NASL notes this vulnerability allows a low-privileged, network-accessible attacker over HTTP to compromise Oracle Agile PLM, with potential takeover and a CVSS v3.1 base score of 8.8 (C/H, ...
CVE-2021-41165
CKEditor4 core HTML processing vulnerability (CVE-2021-41165) allows injection of malformed HTML comments bypassing content sanitization, potentially enabling JavaScript execution. Affected: CKEditor 4.x versions before 4.17.0 (affects all plugins). Impact: execution of arbitrary script in affect...
CVE-2024-21287
CVE-2024-21287 affects Oracle Agile PLM Framework 9.3.6, specifically the Software Development Kit/Process Extension component. The Nessus review notes a vulnerability in 9.3.6.x before 9.3.6.28.3 that enables an unauthenticated, network-accessible attacker (HTTP) to disclose files or access data...
CVE-2018-1257
CVE-2018-1257 affects Spring Framework: vulnerable in Spring Messaging when using an in-memory STOMP broker exposed via STOMP over WebSocket. A malicious user can craft a message to the broker that triggers a regular-expression denial of service. Affected versions are Spring Framework 5.0.x befor...
CVE-2018-11040
CVE-2018-11040 affects Spring Framework: 5.0.x before 5.0.7 and 4.3.x before 4.3.18 (and older unsupported versions). The issue arises because JSONP support can be enabled via JSONP parameters when MappingJackson2JsonView is configured, allowing cross-domain requests through AbstractJsonpResponse...
CVE-2025-21556
CVE-2025-21556 affects Oracle Agile PLM Framework (9.3.6) via the Agile Integration Services component. The vulnerability permits takeover with network access over HTTP by a low-privilege attacker, with CVSS 3.1 base score 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Oracle’s January 2025 Critical ...
CVE-2018-2609
CVE-2018-2609 affects Oracle Agile PLM Security in Oracle Supply Chain Products Suite, with affected versions 9.3.5 and 9.3.6. The vulnerability allows an unauthenticated, network-accessible attacker (via HTTP) to compromise data confidentiality and integrity, potentially enabling unauthorized up...
CVE-2017-10093
The CVE-2017-10093 entry concerns Oracle Agile PLM within Oracle Supply Chain Products Suite. Affected versions are 9.3.5 and 9.3.6. The vulnerability exists in the Security subcomponent and allows an unauthenticated, network-accessible attacker over HTTP to read a subset of Oracle Agile PLM data...
CVE-2017-10299
CVE-2017-10299 affects Oracle Agile PLM within Oracle Supply Chain Products Suite (subcomponent: Security). Affected versions are 9.3.5 and 9.3.6. The vulnerability allows a low-privileged attacker with network access over HTTP to read a subset of Oracle Agile PLM data (unauthorized read access)....
CVE-2017-10082
CVE-2017-10082 affects Oracle Agile PLM (Security subcomponent) within Oracle Supply Chain Products Suite; affected versions are 9.3.5 and 9.3.6. The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to compromise Oracle Agile PLM, with potential unauthorized read, up...
CVE-2017-10308
CVE-2017-10308 affects the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Performance). Affected versions: 9.3.5 and 9.3.6. The vulnerability allows physical access to compromise Oracle Agile PLM, enabling unauthorized update/insert/delete operations and unauthori...
CVE-2016-5527
Technical details about CVE-2016-5527 are not publicly available in the provided documents. Monitor for updates from official advisories; the entry concerns Oracle Agile PLM 9.3.4/9.3.5 with unspecified confidentiality impact.
CVE-2017-10080
CVE-2017-10080 affects Oracle Agile PLM, a subcomponent of Oracle Supply Chain Products Suite. Vulnerability exists in versions 9.3.5 and 9.3.6 of Oracle Agile PLM Security. An unauthenticated attacker with network access via HTTP can compromise data, with attacks requiring user interaction. Impa...
CVE-2017-10092
The CVE-2017-10092 entry concerns Oracle Agile PLM (Security subcomponent) within Oracle Supply Chain Products Suite, affected in versions 9.3.5 and 9.3.6. The vulnerability is exposed over HTTP and is easily exploitable by an unauthenticated attacker with network access. It requires user interac...
CVE-2017-10094
CVE-2017-10094 affects Oracle’s Agile PLM component within the Oracle Supply Chain Products Suite (subcomponent: Security). Affected versions are 9.3.5 and 9.3.6. The vulnerability allows a low-privilege attacker with network access over HTTP to compromise Oracle Agile PLM, with exploitation requ...
CVE-2017-10052
CVE-2017-10052 — affected product and details : The vulnerability is in Oracle Agile PLM, PCMServlet subcomponent, within Oracle Supply Chain Products Suite. Affected versions are 9.3.5 and 9.3.6. An unauthenticated attacker with network access via HTTP can compromise Oracle Agile PLM; successful...
CVE-2017-10088
CVE-2017-10088 affects Oracle Agile PLM within the Oracle Supply Chain Products Suite (Security subcomponent). Affected versions are 9.3.5 and 9.3.6. The vulnerability allows a high-privileged attacker with local logon to compromise Oracle Agile PLM, enabling unauthorized updates/inserts/deletes ...
CVE-2025-21564
Oracle Agile PLM Framework (Oracle Supply Chain) is affected in version 9.3.6, specifically the Agile Integration Services component. The CVE entry describes an easily exploitable vulnerability allowing a low-privileged attacker with network access via HTTP to obtain unauthorized access to critic...
CVE-2019-2817
CVE-2019-2817 affects Oracle Agile PLM within Oracle Supply Chain Products Suite, specifically the Folders, Files & Attachments subcomponent. Affected versions are 9.3.3, 9.3.4, 9.3.5 and 9.3.6. The vulnerability allows a low-privilege, network-accessible attacker (via HTTP) to compromise Oracle ...
CVE-2016-3553
CVE-2016-3553 relates to an unspecified vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite 9.3.4 and 9.3.5. The NVD entry states remote authenticated users can affect confidentiality and integrity via vectors related to PC Core. CVSSv3 basis is 5.4 (NETWORK, LOW...
CVE-2025-21560
CVE-2025-21560 affects Oracle Agile PLM Framework (component: SDK) with vulnerable 9.3.6. A low-privilege, network-access attacker (HTTP) can compromise the framework, potentially gaining unauthorized access to critical data or all data accessible by Oracle Agile PLM Framework. Concrete details f...
CVE-2025-21565
The CVE-2025-21565 entry concerns Oracle Agile PLM Framework (Oracle Supply Chain) Install component vulnerability affecting version 9.3.6. The root cause is weaknesses in the authorization mechanism of the Install component, enabling an unauthenticated, network-accessing attacker to compromise t...
CVE-2016-5524
Technical details for CVE-2016-5524 are not publicly available in the provided documents. Monitor for updates from official advisories; no specifics on affected product versions, vectors, or fixes are included here.
CVE-2020-2920
The CVE-2020-2920 entry concerns Oracle Agile PLM (Security component) in Oracle Supply Chain. Affected versions are 9.3.3, 9.3.5, and 9.3.6. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM, with impact including unauthorized read a...
CVE-2016-3507
CVE-2016-3507 affects Oracle Agile PLM within Oracle Supply Chain Products Suite versions 9.3.4 and 9.3.5, where a vulnerability in WebClient/Admin could allow remote attackers to compromise integrity. The connected PT-2016-5527 entry recommends updating to a fixed version for 9.3.4/9.3.5, and Or...
CVE-2016-3529
The CVE-2016-3529 entry concerns Oracle Agile PLM in Oracle Supply Chain Products Suite 9.3.4/9.3.5. The vulnerability is described as unspecified, allowing remote attackers to affect confidentiality via vectors related to SDK, and is noted as distinct from CVE-2016-3526 and CVE-2016-3560. The Co...
CVE-2016-3537
Technical details (affected product Versions, root cause, impact, and remediation) are not publicly available in the provided documents; monitor for updates from official advisories.
CVE-2016-3526
CVE-2016-3526 describes an unspecified vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite 9.3.4–9.3.5 . The weakness is stated to affect confidentiality via vectors related to the Software Development Kit (SDK); it is noted as a different vulnerability from CVE-...
CVE-2016-3560
Technical details (affected product components, root cause, exact exploit vectors, and practical impact) are not publicly provided in the connected documents; monitor for updates.
CVE-2016-5473
CVE-2016-5473 affects Oracle’s Oracle Supply Chain Products Suite (Oracle Agile PLM) versions 9.3.4 and 9.3.5 . The description indicates an unspecified vulnerability that allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment . The underlying...
CVE-2016-5515
The CVE-2016-5515 entry describes an unspecified vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite 9.3.4/9.3.5 that allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RMIServlet. The NVD entry provide...
CVE-2016-5521
CVE-2016-5521 affects the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5. The issue is described as an unspecified vulnerability that remote attackers can exploit to affect confidentiality and integrity via unknown vectors (distinct from CVE-2016-5512). CVSS metr...
CVE-2016-5523
CVE-2016-5523 affects Oracle Supply Chain Products Suite (Oracle Agile PLM) 9.3.4/9.3.5 via the AutoVue Java Applet. The root cause is an unspecified vulnerability that allows remote authenticated users to affect confidentiality, integrity, and availability. Impact is described as partial to tota...
CVE-2016-3539
CVE-2016-3539 concerns an unspecified vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite 9.3.4 and 9.3.5. The description states that remote authenticated users can impact integrity and availability via vectors related to File Folders/Attachments, which is a dis...
CVE-2016-3554
Affected product: Oracle Supply Chain Product Suite (SCP) 9.3.4 and 9.3.5 with Oracle Agile PLM component. The vulnerability is described as unspecified, allowing remote authenticated users to affect confidentiality, integrity, and availability via vectors related to PC / BOM, MCAD, and Design. C...
CVE-2016-3555
CVE-2016-3555 affects Oracle Agile PLM within Oracle Supply Chain Products Suite 9.3.4 and 9.3.5. The vulnerability is described as an unspecified issue that could affect confidentiality and integrity via vectors related to the PGC/Excel Plugin. The NVD entry notes network access with authenticat...
CVE-2016-5526
CVE-2016-5526 affects Oracle Supply Chain Products Suite (Oracle Agile PLM) versions 9.3.4 and 9.3.5, with a vulnerability in the Agile PLM component tied to Apache Tomcat that can impact confidentiality, integrity, and availability. Connected documents specify the SDK subcomponent as the vulnera...
CVE-2016-3420
Technical details (affected products, root cause, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2016-3431
Technical details about CVE-2016-3431 are not publicly available in the provided documents; no specifics on affected products, root cause, impact, or remediation are present. Monitor for updates.
CVE-2016-3519
CVE-2016-3519 affects Oracle Agile PLM as part of Oracle Supply Chain Products Suite 9.3.4–9.3.5. The vulnerability is described as an unspecified issue that allows remote attackers to affect confidentiality and integrity via vectors related to PC / Get Shortcut. The connected PT-2016-5538 page c...
CVE-2016-3561
The CVE-2016-3561 entry concerns an unspecified vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (SCP S) 9.3.4 and 9.3.5, where remote attackers could affect confidentiality, integrity, and availability via vectors related to the SDK. The NVD entry documents C...
CVE-2016-5510
CVE-2016-5510 pertains to Oracle Supply Chain Products Suite (Oracle Agile PLM), specifically the Oracle Agile PLM component in versions 9.3.4 and 9.3.5. Connected sources indicate an unspecified vulnerability that allows remote attackers to compromise confidentiality via unknown vectors; CNVD/CV...
CVE-2016-5512
Technical details are not publicly available in the provided documents for CVE-2016-5512. Monitor for updates in NVD/related feeds; no specific affected product versions, vectors, or remediation are disclosed here.
CVE-2016-5522
CVE-2016-5522 affects Oracle Agile PLM in Oracle Supply Chain Products Suite versions 9.3.4 and 9.3.5. The connected documents describe a remote-authenticated vulnerability in the Oracle Agile PLM component that can compromise confidentiality by reading data via unknown vectors. While multiple so...
CVE-2016-3517
CVE-2016-3517 affects Oracle Agile PLM in Oracle Supply Chain Products Suite v9.3.4–v9.3.5. The vulnerability, in the PC / Get Shortcut subcomponent, allows a remote attacker to affect data integrity. CVSSv3 base score 4.3 (Network, Low complexity, No privileges, User interaction required; Integr...
CVE-2016-3556
CVE-2016-3556 affects Oracle Agile PLM within Oracle Supply Chain Products Suite versions 9.3.4 and 9.3.5. The vulnerability is described as unspecified, enabling remote attackers to impact confidentiality, integrity, and availability via EM Integration vectors. The NVD CVSSv3 base score is 9.8 (...
CVE-2016-3557
CVE-2016-3557 affects the Oracle Agile PLM component of Oracle Supply Chain Products Suite (versions 9.3.4 and 9.3.5). The issue is described as an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity via vectors related to File Load. The connected docume...