Lucene search
+L
OracleFusion Middleware Mapviewer

13 matches found

cve
cve
added 2018/01/18 11:0 p.m.3348 views

CVE-2015-9251

CVE-2015-9251 affects jQuery before 3.0.0, enabling XSS when a cross-domain Ajax request omits the dataType option and text/javascript responses are executed. Connected advisories confirm the issue and indicate an upgrade resolves it; remediation is to upgrade jQuery to a fixed version as provide...

6.1CVSS6.3AI score0.29726EPSS
Web
cve
cve
added 2019/04/19 12:0 a.m.3109 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
cve
cve
added 2021/04/13 6:50 a.m.636 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wild
cve
cve
added 2017/04/17 9:0 p.m.607 views

CVE-2017-5645

CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...

9.8CVSS9.5AI score0.8904EPSS
cve
cve
added 2019/07/26 12:0 a.m.586 views

CVE-2019-13990

CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...

9.8CVSS9AI score0.162EPSS
cve
cve
added 2020/11/12 12:0 a.m.299 views

CVE-2019-17566

CVE-2019-17566 (Apache Batik) is a server-side request forgery caused by improper input validation in xlink:href attributes, potentially allowing an attacker to trigger arbitrary GET requests from the vulnerable server. Connected advisories reference Batik-related SSRF issues across IBM JRS, SUSE...

7.5CVSS8.2AI score0.1074EPSS
cve
cve
added 2019/11/08 2:46 p.m.298 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
cve
cve
added 2021/02/24 12:0 a.m.297 views

CVE-2020-11987

CVE-2020-11987 – SSRF in Apache Batik 1.13 . The initial description confirms a server-side request forgery via improper input validation in NodePickerPanel, enabling an attacker to make arbitrary GET requests from the server. Connected documents corroborate concrete remediation actions across ve...

8.2CVSS7.8AI score0.13635EPSS
cve
cve
added 2018/05/24 4:0 p.m.191 views

CVE-2018-8013

Apache Batik 1.x before 1.10 is vulnerable to information disclosure via deserializing a subclass of AbstractDocument, where inputStream-derived class name is used to invoke a no-arg constructor. The fix is to validate the class type before newInstance during deserialization; remediation is to up...

9.8CVSS8.6AI score0.19523EPSS
cve
cve
added 2017/04/24 7:0 p.m.67 views

CVE-2017-3230

CVE-2017-3230 affects Oracle Fusion Middleware MapViewer (Map Builder) with MapViewer versions 11.1.1.9, 12.2.1.1, 12.2.1.2. Connected advisories describe concrete flaws in FileUploaderServlet: a directory traversal/ improper input validation on multipart form-data can be exploited by unauthentic...

9CVSS7.5AI score0.02005EPSS
cve
cve
added 2018/07/18 1:0 p.m.53 views

CVE-2018-2943

CVE-2018-2943 affects the Oracle Fusion Middleware MapViewer component (Map Builder) and specifically targets Fusion Middleware versions 12.2.1.2.0 and 12.2.1.3.0. The vulnerability allows an unauthenticated, network-accessible attacker via HTTP to compromise MapViewer, with potential takeover an...

9.8CVSS8.7AI score0.02245EPSS
cve
cve
added 2020/07/15 5:34 p.m.52 views

CVE-2020-14608

CVE-2020-14608 affects Oracle Fusion Middleware MapViewer Tile Server (version 12.2.1.3.0). The vulnerability allows unauthenticated network access via HTTP to compromise MapViewer, potentially enabling unauthorized creation, deletion or modification of data, and read access to data. The CVSS v3....

8.2CVSS7.6AI score0.01283EPSS
cve
cve
added 2020/07/15 5:34 p.m.43 views

CVE-2020-14607

CVE-2020-14607 affects Oracle Fusion Middleware MapViewer Tile Server (versions 12.2.1.3.0 and 12.2.1.4.0). The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise MapViewer; exploitation is described as easily exploitable and may lead to unauthorized read...

6.1CVSS5.8AI score0.00913EPSS