Lucene search
+L
OracleGlobal Lifecycle Management Nextgen Oui Framework

6 matches found

CVE
CVE
added 2022/03/11 12:0 a.m.895 views

CVE-2020-36518

CVE-2020-36518 affects jackson-databind prior to 2.13.0, enabling a Java StackOverflow and DoS via excessive nesting depth. In affected advisories, remediation is to upgrade jackson-databind to 2.13.0+ (examples show 2.13.x or newer such as 2.13.4.2 in Crowd/CWD references). Practical impact is d...

7.5CVSS7.4AI score0.0486EPSS
CVE
CVE
added 2019/10/12 8:7 p.m.414 views

CVE-2019-17531

CVE-2019-17531 affects FasterXML jackson-databind 2.0.0–2.9.10; when Default Typing is enabled for an externally exposed JSON endpoint and apache-log4j-extra 1.2.x is on the classpath, an attacker capable of providing a JNDI service can trigger remote code execution. Connected documents corrobora...

9.8CVSS9.2AI score0.05373EPSS
CVE
CVE
added 2022/01/24 12:0 a.m.390 views

CVE-2022-23437

Technical specifics for CVE-2022-23437 (Xerces-J infinite loop in XML parsing) are not disclosed in the provided connected documents. Monitor for vendor/maintainer updates; current entries reference the issue but do not provide detailed root-cause, affected versions beyond 2.12.1, or fixes.

7.1CVSS6.6AI score0.0444EPSS
CVE
CVE
added 2019/10/01 4:6 p.m.347 views

CVE-2019-16943

CVE-2019-16943 affects FasterXML jackson-databind (versions 2.0.0–2.9.10) via a polymorphic typing flaw that, when Default Typing is enabled for an exposed JSON endpoint and a p6spy P6DataSource is present in the classpath with an accessible RMI endpoint, can lead to remote code execution. The ro...

9.8CVSS9.3AI score0.04901EPSS
CVE
CVE
added 2019/10/01 4:4 p.m.326 views

CVE-2019-16942

CVE-2019-16942 affects FasterXML jackson-databind 2.0.0–2.9.10. When Default Typing is enabled for an externally exposed JSON endpoint and the service includes the commons-dbcp 1.4 jar on the classpath, with an accessible RMI endpoint, the vulnerability can allow execution of a malicious payload ...

9.8CVSS9.4AI score0.05728EPSS
CVE
CVE
added 2023/01/17 11:35 p.m.89 views

CVE-2023-21894

CVE-2023-21894 affects Oracle Global Lifecycle Management NextGen OUI Framework (NextGen Installer issues). Public sources indicate a input-validation weakness in the NextGen Installer component that can be exploited by a low-privileged user with logon to the host running the framework; exploitat...

7.3CVSS7.1AI score0.00208EPSS