Lucene search
K
OracleFusion Middleware

313 matches found

CVE
CVE
added 2012/10/16 11:0 p.m.1108 views

CVE-2012-3152

CVE-2012-3152/3153 affect Oracle Fusion Middleware’s Oracle Reports Developer component (11.1.1.4, 11.1.1.6, 11.1.2.0). An unspecified vulnerability in the Report Server/Servlet can allow remote attackers to affect confidentiality and integrity; one note indicates possible file read/upload of a ....

9.1CVSS8.6AI score0.98695EPSS
In wildWeb
CVE
CVE
added 2012/05/03 10:0 p.m.1078 views

CVE-2012-1710

CVE-2012-1710 affects Oracle WebCenter Forms Recognition in Oracle Fusion Middleware 10.1.3.5. Multiple ActiveX components (CroProj.dll and Sssplt30.ocx) are vulnerable to directory-traversal flaws that can allow arbitrary file creation/overwrite when a user visits a crafted page. This enables re...

9.8CVSS5.8AI score0.11636EPSS
In wild
CVE
CVE
added 2012/10/16 11:0 p.m.998 views

CVE-2012-0518

Oracle Fusion Middleware – Oracle Application Server Single Sign-On (SASO) 10.1.4.3.0 is listed as vulnerable in CVE-2012-0518, with the issue related to Redirects and affecting integrity. A connected PT-2012-4537 entry confirms the affected version (10.1.4.3.0) and notes there is no information ...

4.7CVSS5.8AI score0.04664EPSS
In wild
CVE
CVE
added 2019/08/20 8:10 p.m.951 views

CVE-2019-10086

CVE-2019-10086 affects Apache Commons BeanUtils 1.9.2, where a BeanIntrospector addition could suppress access to the classloader via the class property on Java objects. The issue stems from not applying the suppression by default in PropertyUtilsBean, enabling potential risk across affected depl...

7.5CVSS7.3AI score0.28839EPSS
CVE
CVE
added 2014/07/17 2:36 a.m.756 views

CVE-2014-4210

CVE-2014-4210 is an unspecified WebLogic SSRF vulnerability affecting Oracle WebLogic Server in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0. It allows remote attackers to affect confidentiality via Web Services/WebLogic SSRF vectors. Public details describe an SSRF that could bypass network re...

5CVSS8.2AI score0.38152EPSS
Web
CVE
CVE
added 2020/05/01 6:55 p.m.505 views

CVE-2020-10683

CVE-2020-10683 is described in IBM Bulletin sources as an XXE vulnerability in the dom4j library, allowing a remote authenticated attacker to obtain sensitive information through XML processing. The issue stems from dom4j handling External DTDs/Entities by default, and multiple IBM entries map th...

9.8CVSS9.2AI score0.07269EPSS
CVE
CVE
added 2018/02/28 8:0 p.m.389 views

CVE-2018-1304

Apache Tomcat vulnerability CVE-2018-1304 arises from incorrect handling of the empty string URL pattern ("") in security constraint processing, allowing unauthorized access to protected resources. Affected versions: Tomcat 9.0.0.M1–9.0.4, 8.5.0–8.5.27, 8.0.0.RC1–8.0.49, and 7.0.0–7.0.84. This is...

5.9CVSS6.7AI score0.17378EPSS
CVE
CVE
added 2018/02/23 11:0 p.m.358 views

CVE-2018-1305

Apache Tomcat contains CVE-2018-1305, where security constraints defined by Servlet annotations were only applied after a Servlet load, potentially allowing unauthorized access to resources depending on the order of loading. Affected releases span 7.0.0–7.0.84, 8.0.0.RC1–8.0.49, 8.5.0–8.5.27, and...

6.5CVSS6.3AI score0.14737EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.296 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2020/09/19 3:45 a.m.290 views

CVE-2020-5421

CVE-2020-5421 affects Spring Framework releases across multiple lines (5.2.x to 5.0.x, 4.3.x and older). The issue arises from improper input handling of the jsessionid path parameter, which may bypass RFD Protection and weaken security controls. Affected products reference VMware Tanzu Spring Fr...

8.7CVSS7.2AI score0.10736EPSS
CVE
CVE
added 2012/10/16 11:0 p.m.282 views

CVE-2012-3153

CVE-2012-3153 affects Oracle Fusion Middleware’s Oracle Reports Developer (11.1.1.4/11.1.1.6/11.1.2.0). It involves an unspecified vulnerability in the Reports Servlet that can compromise confidentiality and integrity via unknown vectors related to the Report Server component; the vulnerability m...

6.4CVSS8.7AI score0.9822EPSS
In wildWeb
CVE
CVE
added 2010/06/21 4:0 p.m.258 views

CVE-2010-1622

CVE-2010-1622 affects Spring Framework 2.5.x up to 2.5.6.SEC02 and 2.5.7 up to 2.5.7.SR01, and 3.0.x up to 3.0.3. The issue arises from binding request data to Java beans, which allows an attacker to overwrite nested properties of the ClassLoader (notably via class.classLoader.URLs[0]), enabling ...

6CVSS9.5AI score0.52003EPSS
CVE
CVE
added 2015/01/21 2:0 a.m.252 views

CVE-2014-0191

CVE-2014-0191 affects libxml2 up to version 2.9.1, where xmlParserHandlePEReference can load external parameter entities even when entity substitution or validation is disabled. This vulnerability can be exploited by processing crafted XML to cause resource consumption and denial of service in af...

4.3CVSS6.6AI score0.081EPSS
Web
CVE
CVE
added 2013/10/16 3:0 p.m.247 views

CVE-2013-3827

CVE-2013-3827 affects Oracle GlassFish Server components in Fusion Middleware 2.1.1, 3.0.1, 3.1.2; Oracle JDeveloper in 11.1.2.3.0, 11.1.2.4.0, 12.1.2.0.0; and Oracle WebLogic Server in Fusion Middleware 10.3.6.0 and 12.1.1. The vulnerability, related to JavaServer Faces/Web Container handling, a...

5CVSS5.5AI score0.32441EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.240 views

CVE-2021-2351

CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...

8.3CVSS8.5AI score0.025EPSS
CVE
CVE
added 2012/10/17 12:0 a.m.194 views

CVE-2012-3175

Technical details for CVE-2012-3175 are not publicly provided in the connected documents. The available sources mention Oracle SSO 10.1.4.3.0 and redirects generally, but no concrete exploit, affected components/versions, root cause, or fixes are described here. Monitor for updates.

4.3CVSS5.8AI score0.0123EPSS
In wild
CVE
CVE
added 2012/05/03 10:0 p.m.190 views

CVE-2012-1709

CVE-2012-1709 targets Oracle WebCenter Forms Recognition via the CroProj.dll ActiveX control. The vulnerability stems from insufficient input validation, enabling a remote attacker to trigger a directory traversal that could yield arbitrary code execution in the context of the target browser when...

7.5CVSS5.8AI score0.0244EPSS
In wild
CVE
CVE
added 2012/07/17 10:0 p.m.177 views

CVE-2012-1744

CVE-2012-1744 affects Oracle Fusion Middleware 8.3.5 and 8.3.7 via the Oracle Outside In Technology component, specifically the Outside In Filters, allowing context-dependent users to impact availability. The underlying vectors and exploit details are not disclosed in the provided documents; the ...

2.1CVSS5.8AI score0.00878EPSS
CVE
CVE
added 2013/12/12 8:0 p.m.173 views

CVE-2013-5763

CVE-2013-5763 corresponds to a stack-based buffer overflow in the Oracle Outside In Technology OS/2 Metafile Parser. The vulnerability can be triggered by processing a crafted file, potentially allowing a remote attacker to execute arbitrary code with the privileges of the vulnerable application....

1.5CVSS5.5AI score0.0047EPSS
CVE
CVE
added 2013/01/17 1:30 a.m.153 views

CVE-2013-0393

CVE-2013-0393 affects Oracle Outside In Technology (SDK) used by Oracle Fusion Middleware 8.3.7 and 8.4 via the Paradox database stream filter (vspdx.dll). The vulnerability arises when processing Paradox field descriptions, enabling a context-dependent attacker to impact availability. Related ad...

6.8CVSS5.6AI score0.0148EPSS
CVE
CVE
added 2015/08/14 6:0 p.m.148 views

CVE-2014-3576

CVE-2014-3576 affects Apache ActiveMQ before 5.11.0, where the processControlCommand function in broker/TransportConnection.java allows a remote attacker to shut down the broker via a shutdown command, causing a denial of service. The vulnerability is confirmed in multiple connected sources, incl...

7.5CVSS7.1AI score0.12794EPSS
CVE
CVE
added 2011/01/19 3:0 p.m.142 views

CVE-2010-3598

Affected product: Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5. The issue is described as an unspecified vulnerability relating to the Import Export Utility that allows remote attackers to affect integrity. The Connected documents corroborate multiple CVEs (...

7.1CVSS5.9AI score0.02194EPSS
CVE
CVE
added 2012/01/18 10:0 p.m.142 views

CVE-2012-0110

CVE-2012-0110 maps to a vulnerability in the Oracle Outside In Library used by Oracle Fusion Middleware (Outside In Technology) and in related SDKs. The issue arises in the OOXML/Lotus 1-2-3 handling within the Outside In libraries (notably in versions 8.3.5–8.3.7), where improper parsing/validat...

4.4CVSS5.8AI score0.00356EPSS
CVE
CVE
added 2012/07/17 10:39 p.m.141 views

CVE-2012-1769

CVE-2012-1769 relates to Oracle Outside In Technology in Oracle Fusion Middleware 8.3.5/8.3.7, with an unspecified vulnerability that could affect availability via Outside In Filters (context-dependent attackers). Connected advisory material confirms a separate Oracle Outside In issue described a...

2.1CVSS5.5AI score0.01182EPSS
CVE
CVE
added 2011/01/19 3:0 p.m.138 views

CVE-2010-3591

CVE-2010-3591 affects Oracle Document Capture (ActiveX: Actbar2.ocx and EMPOP3Lib empop3.dll) within Oracle Fusion Middleware 10.1.3.4/10.1.3.5. DSecRG advisories describe insecure methods in Actbar2.ocx and empop3.dll that can overwrite or delete arbitrary files, with exploits publicly discussed...

9.3CVSS5.7AI score0.11818EPSS
CVE
CVE
added 2013/04/17 12:10 p.m.133 views

CVE-2013-1559

CVE-2013-1559 affects Oracle WebCenter Content Content Server. Public records show a remote authenticated vulnerability in the CheckOutAndOpen.dll ActiveX control that can lead to remote code execution, with confirmed testing/exploitation against Oracle WebCenter Content 11.1.1.6.0 (and earlier 1...

4CVSS5.3AI score0.58817EPSS
CVE
CVE
added 2012/10/16 11:0 p.m.126 views

CVE-2012-1686

CVE-2012-1686 affects Oracle BI Enterprise Edition/BI Publisher help page components. The connected ERPScan advisory documents an XSS vulnerability in Oracle BI Help Page (example path includes vt_chrome.js) affecting Oracle BI Enterprise Edition 10.1.3.4.0. The root cause is an XSS flaw in the O...

4.3CVSS5.9AI score0.01265EPSS
CVE
CVE
added 2011/01/19 3:0 p.m.121 views

CVE-2010-3599

The CVE-2010-3599 issue affects Oracle Document Capture (NCSECWLib ActiveX), where the WriteJPG method in NCSECWLib can be exploited via a crafted page to overwrite files or trigger a buffer overflow, potentially enabling arbitrary code execution. The vulnerability is reported in Oracle Document ...

9.4CVSS6.6AI score0.16177EPSS
CVE
CVE
added 2013/10/16 3:0 p.m.117 views

CVE-2013-5791

CVE-2013-5791 is a stack-based buffer overflow in Oracle Outside In Technology’s Microsoft Access 1.x database file parser used by IBM Content Manager/Content Foundation and related IBM products. The vulnerability allows code execution or denial of service when processing crafted MDB files; IBM d...

1.5CVSS6.9AI score0.01901EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.110 views

CVE-2015-2623

The CVE-2015-2623 entry affects Oracle Fusion Middleware components: Oracle GlassFish Server (3.0.1, 3.1.2) and Oracle WebLogic Server (Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, 12.1.3.0). The underlying issue is related to JavaServer Faces, with remote attackers able to impact integrity vi...

4.3CVSS5.8AI score0.01607EPSS
CVE
CVE
added 2011/01/19 3:0 p.m.108 views

CVE-2010-3595

CVE-2010-3595 affects Oracle Document Capture’s EasyMail ActiveX control (emsmtp.dll). The connected advisories and exploit references describe an information-disclosure vulnerability caused by improper validation in the ImportBodyText/related methods, enabling a remote attacker to read arbitrary...

7.8CVSS5.5AI score0.1193EPSS
CVE
CVE
added 2011/01/19 3:0 p.m.107 views

CVE-2010-3592

Technical details for CVE-2010-3592 are not publicly available in the provided documents; the entries describe an unspecified vulnerability in Oracle Document Capture. Monitor for updates.

8.5CVSS5.9AI score0.02845EPSS
CVE
CVE
added 2013/04/17 2:0 p.m.104 views

CVE-2013-2380

Technical details for CVE-2013-2380 are not provided in the supplied connected documents. No product/version specifics or remediation are included here; monitor official advisories for updates and confirmation of applicability.

10CVSS6AI score0.02108EPSS
CVE
CVE
added 2011/04/20 3:9 a.m.101 views

CVE-2011-0785

CVE-2011-0785 affects Oracle Help component exposed by Oracle Database Server (versions 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3–10.2.0.5, 10.1.0.5) and Oracle Fusion Middleware (11.1.1.2.0–11.1.1.4.0). Root cause: unspecified vulnerability in the Oracle Help component allowing remote int...

4.3CVSS6AI score0.01361EPSS
CVE
CVE
added 2010/10/13 10:0 p.m.100 views

CVE-2010-2390

CVE-2010-2390 describes a buffer overflow in the Oracle Enterprise Manager Grid Control EM Console component when processing overly long HTTP requests. The vulnerability affects Oracle Database Server 10.1.0.5/10.2.0.3, Oracle Fusion Middleware 10.1.2.3/10.1.4.3, and Enterprise Manager Grid Contr...

7.5CVSS6.1AI score0.02622EPSS
CVE
CVE
added 2010/10/13 10:0 p.m.98 views

CVE-2010-2389

CVE-2010-2389 affects Oracle Database Server components and Fusion Middleware. The Perl component in Oracle Database Server versions 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5, and in Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0, allows a local user to affect integrity via unknown vector...

1CVSS5.5AI score0.00287EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.97 views

CVE-2011-2232

CVE-2011-2232 affects Oracle Database Server XML Developer Kit. The vulnerable products include Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 11.1.0.7, 11.2.0.1 and Oracle Fusion Middleware 10.1.3.5. The issue is described as an unspecified vulnerability in the XML Developer Kit component ...

6CVSS5.7AI score0.01434EPSS
CVE
CVE
added 2014/07/17 2:36 a.m.94 views

CVE-2014-2480

IBM OpenPages with Application Server 6.2 through 7.0 is listed as potentially impacted by CVE-2014-2480 via Oracle WebLogic Server components. The IBM Security Bulletin notes an unspecified vulnerability with partial confidentiality, integrity, and availability impacts and provides a remediation...

6.8CVSS8.6AI score0.02941EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.93 views

CVE-2015-4744

Technical details about CVE-2015-4744 are not provided in the supplied documents; no explicit affected products/versions or impact are disclosed. Monitor for updates.

2.6CVSS5.8AI score0.01792EPSS
CVE
CVE
added 2024/10/15 7:52 p.m.89 views

CVE-2024-21215

CVE-2024-21215 affects Oracle WebLogic Server (Fusion Middleware), specifically Core component, in versions 12.2.1.4.0 and 14.1.1.0.0. The vulnerability allows unauthenticated, network-accessible exploitation (via HTTP) that can cause the server to hang or crash (complete DoS). Other sources also...

7.5CVSS7.2AI score0.00619EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.88 views

CVE-2011-2231

CVE-2011-2231 affects Oracle Database Server components (versions 10.1.0.5, 10.2.0.3/4/5, 11.1.0.7, 11.2.0.1) and Oracle Fusion Middleware 10.1.3.5. The XML Developer Kit component harbors an unspecified vulnerability that could allow remote attackers to impact availability via unknown vectors. T...

4.3CVSS6.2AI score0.01672EPSS
CVE
CVE
added 2011/01/19 3:0 p.m.87 views

CVE-2010-4427

Technical details for CVE-2010-4427 are not publicly provided in the connected documents you supplied. No concrete affected products, versions, or fixes are listed here. Monitor for updates from official advisories.

3.5CVSS5.4AI score0.01054EPSS
CVE
CVE
added 2014/07/17 10:0 a.m.87 views

CVE-2014-4241

CVE-2014-4241 affects Oracle WebLogic Server within Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0. The initial entry describes an unspecified vulnerability that allows remote attackers to affect integrity via vectors related to WLS - Web Services. Connected documents provide context for WebLogic...

4.3CVSS5.8AI score0.03838EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.86 views

CVE-2015-0449

CVE-2015-0449 is an unspecified vulnerability in Oracle WebLogic Server Console of Oracle Fusion Middleware. Affected products/versions: Oracle WebLogic Server Console in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0. The CNVD entry describes the vulnerability as affecting the Console...

5CVSS3.3AI score0.0191EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.85 views

CVE-2016-0464

CVE-2016-0464 is an unspecified vulnerability affecting Oracle WebLogic Server (Oracle Fusion Middleware) with impact limited to integrity via the WLS-Console component. Affected versions include 10.3.6, 12.1.2, and 12.1.3. The NVD entry notes an unauthenticated network access path that could aff...

4.3CVSS7.1AI score0.01917EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.84 views

CVE-2015-0482

Oracle Fusion Middleware WebLogic Server (Oracle WebLogic Server component) 12.1.2.0 and 12.1.3.0 contains a vulnerability in the WLS-WebServices subcomponent. The issue could allow remote authenticated users to affect confidentiality, integrity, and availability via WLS-WebServices-related vecto...

6CVSS3AI score0.01592EPSS
CVE
CVE
added 2012/07/17 10:39 p.m.82 views

CVE-2012-1771

Technical details are not publicly available in the provided documents for CVE-2012-1771; no affected products, versions, root cause, or remediation are disclosed here. Monitor for updates.

2.1CVSS5.5AI score0.00474EPSS
CVE
CVE
added 2012/10/17 10:0 a.m.82 views

CVE-2012-3217

CVE-2012-3217 affects Oracle Outside In Technology in Oracle Fusion Middleware 8.3.7.0, specifically the Outside In HTML Export SDK. The vulnerability is described as an unspecified issue that could allow context-dependent attackers to affect availability. Within the provided documents, there is ...

2.1CVSS5.7AI score0.01357EPSS
CVE
CVE
added 2013/04/17 12:10 p.m.82 views

CVE-2013-1529

Public details for CVE-2013-1529 are not provided in the supplied documents. They reference Oracle WebCenter Interaction components but give no concrete exploit, impact, or remediation. Monitor for updates.

4.3CVSS5.9AI score0.00985EPSS
CVE
CVE
added 2012/05/03 5:18 p.m.79 views

CVE-2012-0532

Technical details for CVE-2012-0532 are not publicly available in the provided documents. The connected sources reference an unspecified vulnerability in Oracle Identity Manager related to User Config Management. Monitor for updates.

5.5CVSS5.2AI score0.01105EPSS
Total number of security vulnerabilities313