Fusion Middleware Security Vulnerabilities and Issues — Fusion Middleware CVE List

Lucene search

OracleFusion Middleware

68 matches found

CVE•added 2015/01/21 2:59 p.m.•208 views

CVE-2014-0191

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is ...

4.3CVSS6.6AI score0.01309EPSS

CVE•added 2015/08/14 6:59 p.m.•116 views

CVE-2014-3576

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

7.5CVSS7.1AI score0.17549EPSS

CVE•added 2015/07/16 10:59 a.m.•89 views

CVE-2015-2623

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related to...

4.3CVSS5.8AI score0.00237EPSS

CVE•added 2015/07/16 11:0 a.m.•78 views

CVE-2015-4744

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors rel...

2.6CVSS5.8AI score0.00288EPSS

CVE•added 2015/04/16 4:59 p.m.•70 views

CVE-2015-0449

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.

5CVSS3.3AI score0.00348EPSS

CVE•added 2015/04/16 4:59 p.m.•67 views

CVE-2015-0482

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.2.0 and 12.1.3.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to WLS-WebServices.

6CVSS3AI score0.00402EPSS

CVE•added 2015/10/21 9:59 p.m.•63 views

CVE-2015-1829

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener.

5CVSS8.1AI score0.01123EPSS

CVE•added 2015/07/16 10:59 a.m.•56 views

CVE-2015-1926

Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 and 11.1.1.9.0, and the Oracle Applications Framework component in Oracle E-Business Suite 12.2.3 and 12.2.4, allows remote authenticated users to affect confidentiality and integrity via unkno...

5.5CVSS5.1AI score0.00283EPSS

CVE•added 2015/01/21 6:59 p.m.•55 views

CVE-2015-0386

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191.

4.3CVSS7.6AI score0.01309EPSS

CVE•added 2015/01/21 3:28 p.m.•53 views

CVE-2014-6569

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to CIE Related Components.

5CVSS5.8AI score0.00295EPSS

CVE•added 2015/10/22 12:0 a.m.•53 views

CVE-2015-4912

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via vectors related to SSO Engine.

4.3CVSS5.7AI score0.00321EPSS

CVE•added 2015/01/21 7:59 p.m.•52 views

CVE-2015-0420

Unspecified vulnerability in the Oracle Forms component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Forms Services.

4.3CVSS5.8AI score0.00362EPSS

CVE•added 2015/07/16 10:59 a.m.•51 views

CVE-2015-2593

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Configuration Service.

7.1CVSS5.2AI score0.00089EPSS

CVE•added 2015/01/21 3:28 p.m.•50 views

CVE-2014-6571

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2011-1944.

6.8CVSS7.1AI score0.17548EPSS

CVE•added 2015/10/21 11:59 p.m.•50 views

CVE-2015-4877

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4878.

1.5CVSS5.4AI score0.00198EPSS

CVE•added 2015/10/21 11:59 p.m.•49 views

CVE-2015-4899

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.

4.3CVSS5.7AI score0.00321EPSS

CVE•added 2015/01/21 3:28 p.m.•48 views

CVE-2014-6580

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors.

4.3CVSS6.2AI score0.00311EPSS

CVE•added 2015/07/16 11:0 a.m.•48 views

CVE-2015-4742

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect availability via vectors related to ADF Faces.

5CVSS5.9AI score0.00705EPSS

CVE•added 2015/01/21 7:59 p.m.•47 views

CVE-2015-0414

Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Fabric Layer.

3.5CVSS5.2AI score0.00197EPSS

CVE•added 2015/07/16 10:59 a.m.•47 views

CVE-2015-2598

Unspecified vulnerability in the mobile app in Oracle Business Intelligence Enterprise Edition in Oracle Fusion Middleware before 11.1.1.7.0 (11.6.39) allows remote authenticated users to affect integrity via unknown vectors related to Mobile - iPad.

3.5CVSS5.6AI score0.0015EPSS

CVE•added 2015/07/16 10:59 a.m.•47 views

CVE-2015-2606

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CV...

7.5CVSS5.7AI score0.00772EPSS

CVE•added 2015/10/21 9:59 p.m.•47 views

CVE-2015-4799

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.1, and 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Security.

4.3CVSS5.9AI score0.00287EPSS

CVE•added 2015/10/21 11:59 p.m.•47 views

CVE-2015-4878

1.5CVSS5.4AI score0.00198EPSS

CVE•added 2015/07/16 10:59 a.m.•46 views

CVE-2015-0446

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-20...

6.8CVSS5.7AI score0.00685EPSS

CVE•added 2015/10/21 9:59 p.m.•46 views

CVE-2015-4812

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module.

2.6CVSS5.7AI score0.00321EPSS

CVE•added 2015/04/16 4:59 p.m.•45 views

CVE-2015-0474

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0493.

1.5CVSS5.4AI score0.00544EPSS

CVE•added 2015/04/16 4:59 p.m.•45 views

CVE-2015-0493

1.5CVSS5.4AI score0.00544EPSS

CVE•added 2015/07/16 10:59 a.m.•45 views

CVE-2015-2602

7.5CVSS5.7AI score0.00772EPSS

CVE•added 2015/07/16 10:59 a.m.•45 views

CVE-2015-2634

6.8CVSS5.7AI score0.00685EPSS

CVE•added 2015/07/16 11:0 a.m.•45 views

CVE-2015-4745

7.5CVSS5.7AI score0.00772EPSS

CVE•added 2015/10/21 9:59 p.m.•45 views

CVE-2015-4832

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.2, and 11.1.2.3 allows remote attackers to affect integrity via vectors related to OIM Legacy UI.

4.3CVSS5.9AI score0.00311EPSS

CVE•added 2015/10/21 11:59 p.m.•45 views

CVE-2015-4838

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors related to ADF Faces.

4CVSS5.2AI score0.00169EPSS

CVE•added 2015/01/21 6:59 p.m.•43 views

CVE-2015-0367

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related to SSO Engine.

5CVSS5.9AI score0.00483EPSS

CVE•added 2015/01/21 6:59 p.m.•43 views

CVE-2015-0389

Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2014-6592.

3.5CVSS5.4AI score0.0015EPSS

CVE•added 2015/01/21 7:59 p.m.•43 views

CVE-2015-0434

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors related to Integration with OAM.

4.3CVSS5.8AI score0.00409EPSS

CVE•added 2015/07/16 10:59 a.m.•42 views

CVE-2015-0444

6.8CVSS5.7AI score0.00685EPSS

CVE•added 2015/04/16 4:59 p.m.•42 views

CVE-2015-0461

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Authentication Engine.

7CVSS5.2AI score0.00273EPSS

CVE•added 2015/10/21 11:59 p.m.•42 views

CVE-2015-4880

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4867.

4.3CVSS5.8AI score0.00287EPSS

CVE•added 2015/10/22 12:0 a.m.•42 views

CVE-2015-4909

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect integrity via vectors related to ADF Faces.

5CVSS5.9AI score0.00311EPSS

CVE•added 2015/07/16 10:59 a.m.•41 views

CVE-2015-2635

6.8CVSS5.7AI score0.00685EPSS

CVE•added 2015/07/16 11:0 a.m.•41 views

CVE-2015-4751

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect availability via unknown vectors related to Authentication Engine.

5CVSS6AI score0.00725EPSS

CVE•added 2015/10/21 9:59 p.m.•41 views

CVE-2015-4811

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDKutside In PDF Export SDK, a different vulnerability than CVE-2015-4809.

1.5CVSS5.5AI score0.00091EPSS

CVE•added 2015/10/21 11:59 p.m.•41 views

CVE-2015-4867

4.3CVSS5.8AI score0.00287EPSS

CVE•added 2015/10/22 12:0 a.m.•41 views

CVE-2015-4914

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener.

3.5CVSS5.2AI score0.00143EPSS

CVE•added 2015/07/16 10:59 a.m.•40 views

CVE-2015-0443

6.8CVSS5.7AI score0.00685EPSS

CVE•added 2015/04/16 4:59 p.m.•40 views

CVE-2015-0456

Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Portlet Services.

4.3CVSS5.9AI score0.00407EPSS

CVE•added 2015/07/16 11:0 a.m.•40 views

CVE-2015-2658

Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Support.

5CVSS5.8AI score0.00277EPSS

CVE•added 2015/01/21 6:59 p.m.•39 views

CVE-2015-0401

Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console.

4CVSS5.4AI score0.0015EPSS

CVE•added 2015/07/16 10:59 a.m.•39 views

CVE-2015-2603

7.5CVSS5.7AI score0.00772EPSS

CVE•added 2015/10/21 9:59 p.m.•39 views

CVE-2015-4809

1.5CVSS5.5AI score0.00091EPSS

Total number of security vulnerabilities68