Enterprise Manager Base Platform Security Vulnerabilities and Issues — Enterprise Manager Base Platform CVE List

Lucene search

OracleEnterprise Manager Base Platform

9 matches found

CVE•added 2022/01/18 4:15 p.m.•740 views

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configura...

8.8CVSS9.3AI score0.72202EPSS

In wild

CVE•added 2022/01/18 4:15 p.m.•650 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

9CVSS9.2AI score0.00882EPSS

CVE•added 2022/01/18 4:15 p.m.•621 views

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings int...

9.8CVSS9.4AI score0.14136EPSS

Web

CVE•added 2022/04/21 11:15 p.m.•137 views

CVE-2022-29577

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.

6.1CVSS6.1AI score0.00268EPSS

CVE•added 2022/04/19 9:15 p.m.•103 views

CVE-2022-21469

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterpris...

4.7CVSS4.4AI score0.0032EPSS

CVE•added 2022/01/19 12:15 p.m.•88 views

CVE-2022-21392

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterp...

8.8CVSS7.7AI score0.00204EPSS

CVE•added 2022/07/19 10:15 p.m.•88 views

CVE-2022-21516

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compro...

7.3CVSS6.6AI score0.00776EPSS

CVE•added 2022/10/18 9:15 p.m.•62 views

CVE-2022-21623

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compro...

7.5CVSS7.4AI score0.00509EPSS

CVE•added 2022/07/19 10:15 p.m.•58 views

CVE-2022-21536

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Ent...

8.1CVSS7.8AI score0.04228EPSS