12 matches found
CVE-2019-11358
CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...
CVE-2019-0227
The CVE-2019-0227 entry concerns an SSRF in Apache Axis 1.4 (last released in 2006). The connected IBM bulletins confirm Axis 1.x vulnerability details and state Axis 2 is the successor, with 1.7.9 (Axis2) being not vulnerable. Affected Axis 1.x components are legacy; remediation is to upgrade to...
CVE-2018-8032
CVE-2018-8032 affects Apache Axis 1.x (up to 1.4) with a cross-site scripting (XSS) vulnerability in the default servlet/services. This vulnerability is documented in IBM/PM security bulletins linked to Axis, confirming an XSS flaw (CWE-79) in Axis 1.x and indicating broader IBM product exposure....
CVE-2020-2553
The CVE-2020-2553 entry describes an unauthenticated remote vulnerability in Oracle Knowledge 8.6.0–8.6.3, affecting the Information Manager Console. The issue allows network access via HTTP to perform unauthorized updates/inserts/deletes and read access to data, with confidentiality and integrit...
CVE-2020-2931
Affected product: Oracle Knowledge Web Applications – InfoCenter. Vulnerable component: InfoCenter Web Applications; affected versions: 8.6.0–8.6.3. Root cause: unspecified in primary description, but vulnerability allows unauthenticated access over HTTP leading to takeover of Oracle Knowledge. I...
CVE-2020-2522
CVE-2020-2522 affects Oracle Knowledge, Information Manager Console (versions 8.6.0–8.6.1). The vulnerability can be exploited by an unauthenticated attacker over HTTP with network access to Oracle Knowledge, with user interaction required. Impact is unauthorized update/insert/delete of data in t...
CVE-2020-2524
CVE-2020-2524 affects Oracle Knowledge’s InQuira Search in versions 8.6.0–8.6.3. An unauthenticated, network-accessible attacker via HTTP can cause a hang or frequent crash (DoS). The issue is described as difficult to exploit (high complexity) with no authentication required. Oracle’s APR 2020 C...
CVE-2020-2791
The CVE-2020-2791 entry affects Oracle Knowledge, specifically the Information Manager Console component, in versions 8.6.0–8.6.2. The vulnerability is exploitable over HTTP without authentication, allowing an unauthenticated, network-accessible attacker to compromise Oracle Knowledge and potenti...
CVE-2016-3475
CVE-2016-3475 affects Oracle Siebel CRM 8.5.x (Oracle Knowledge component, Information Manager Console). The Nessus plugin for Oracle Siebel CRM 8.5.x
CVE-2020-2795
CVE-2020-2795 affects Oracle Knowledge, Information Manager Console, versions 8.6.0–8.6.2. The vulnerability is exploitable by a high-privilege user with logon access; exploitation requires user interaction and can lead to takeover of Oracle Knowledge. The provided documents do not include a patc...
CVE-2020-2932
CVE-2020-2932 affects Oracle Knowledge, Information Manager Console component, versions 8.6.0–8.6.3. The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to cause a hang or frequent crashes (complete DoS) of Oracle Knowledge. The root cause is described as a vulnerab...
CVE-2016-3476
Oracle Siebel CRM 8.5.x is affected by CVE-2016-3476 in the Oracle Knowledge component (Information Manager Console). The Nessus entry cites an unauthenticated attacker with network access via HTTP who can compromise Oracle Knowledge, potentially resulting in unauthorized update/insert/delete of ...