Business Process Management Suite Security Vulnerabilities and Issues — Business Process Management Suite CVE List

Lucene search

OracleBusiness Process Management Suite

5 matches found

CVE•added 2020/05/01 7:15 p.m.•443 views

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

9.8CVSS9.2AI score0.02147EPSS

CVE•added 2020/05/14 4:15 p.m.•403 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tr...

6.3CVSS6.8AI score0.00021EPSS

CVE•added 2020/12/07 8:15 p.m.•275 views

CVE-2020-17521

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the e...

5.5CVSS5.4AI score0.00357EPSS

CVE•added 2020/03/23 2:15 p.m.•117 views

CVE-2020-1950

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

5.5CVSS5.5AI score0.00557EPSS

CVE•added 2020/03/23 2:15 p.m.•98 views

CVE-2020-1951

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

5.5CVSS5.5AI score0.00341EPSS