7 matches found
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2021-35683
CVE-2021-35683 affects Oracle Essbase Administration Services (EAS Console) in Oracle Essbase; affected versions are before 11.1.2.4.047. The vulnerability enables a low-privilege, network-accessible attacker over HTTP to compromise EAS, with the potential to takeover the Essbase Administration S...
CVE-2021-35652
The CVE-2021-35652 issue affects Oracle Essbase EAS Console in Oracle Essbase. Affected versions are pre-11.1.2.4.046 and pre-21.3; the vulnerability enables an unauthenticated, network-accessible attacker over HTTP to compromise Essbase Administration Services, with potential takeover of the ser...
CVE-2021-35651
CVE-2021-35651 affects Oracle Essbase EAS Console. Affected versions are prior to 11.1.2.4.046 and prior to 21.3. An attacker with low privileges on the network can access via HTTP to compromise Essbase Administration Services, potentially leading to unauthorized access to data and unauthorized u...
CVE-2021-35653
CVE-2021-35653 affects Oracle Essbase Essbase Administration Services (EAS Console). Vulnerable in Essex versions prior to 11.1.2.4.046 and prior to 21.3; an unauthenticated, low-privilege attacker with network access via HTTP can compromise EAS and potentially gain unauthorized access to data ac...
CVE-2021-35654
The CVE-2021-35654 issue affects Oracle Essbase EAS Console within Essbase Administration Services, with affected versions listed as prior to 11.1.2.4.046 and prior to 21.3. An unauthenticated attacker with network access over HTTP can cause the Essbase Administration Services to hang or crash re...
CVE-2021-35655
CVE-2021-35655 affects Oracle Essbase EAS Console within Essbase Administration Services. Affected products/versions are prior to 11.1.2.4.046 and prior to 21.3. The issue allows an unauthenticated, network-accessible attacker via HTTP to read a subset of Essbase Administration Services data. The...