Lucene search
K
OracleKnowledge

12 matches found

CVE
CVE
added 2019/04/19 12:0 a.m.2975 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
CVE
CVE
added 2019/05/01 8:3 p.m.290 views

CVE-2019-0227

The CVE-2019-0227 entry concerns an SSRF in Apache Axis 1.4 (last released in 2006). The connected IBM bulletins confirm Axis 1.x vulnerability details and state Axis 2 is the successor, with 1.7.9 (Axis2) being not vulnerable. Affected Axis 1.x components are legacy; remediation is to upgrade to...

7.5CVSS8.3AI score0.86503EPSS
Web
CVE
CVE
added 2018/08/02 1:0 p.m.255 views

CVE-2018-8032

CVE-2018-8032 affects Apache Axis 1.x (up to 1.4) with a cross-site scripting (XSS) vulnerability in the default servlet/services. This vulnerability is documented in IBM/PM security bulletins linked to Axis, confirming an XSS flaw (CWE-79) in Axis 1.x and indicating broader IBM product exposure....

6.1CVSS5.8AI score0.10554EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.71 views

CVE-2020-2553

The CVE-2020-2553 entry describes an unauthenticated remote vulnerability in Oracle Knowledge 8.6.0–8.6.3, affecting the Information Manager Console. The issue allows network access via HTTP to perform unauthorized updates/inserts/deletes and read access to data, with confidentiality and integrit...

5.8CVSS4.5AI score0.00942EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.64 views

CVE-2020-2931

Affected product: Oracle Knowledge Web Applications – InfoCenter. Vulnerable component: InfoCenter Web Applications; affected versions: 8.6.0–8.6.3. Root cause: unspecified in primary description, but vulnerability allows unauthenticated access over HTTP leading to takeover of Oracle Knowledge. I...

9.8CVSS9AI score0.02712EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.59 views

CVE-2020-2522

CVE-2020-2522 affects Oracle Knowledge, Information Manager Console (versions 8.6.0–8.6.1). The vulnerability can be exploited by an unauthenticated attacker over HTTP with network access to Oracle Knowledge, with user interaction required. Impact is unauthorized update/insert/delete of data in t...

4.3CVSS3.6AI score0.01041EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.57 views

CVE-2020-2524

CVE-2020-2524 affects Oracle Knowledge’s InQuira Search in versions 8.6.0–8.6.3. An unauthenticated, network-accessible attacker via HTTP can cause a hang or frequent crash (DoS). The issue is described as difficult to exploit (high complexity) with no authentication required. Oracle’s APR 2020 C...

5.9CVSS5.6AI score0.01446EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.54 views

CVE-2020-2791

The CVE-2020-2791 entry affects Oracle Knowledge, specifically the Information Manager Console component, in versions 8.6.0–8.6.2. The vulnerability is exploitable over HTTP without authentication, allowing an unauthenticated, network-accessible attacker to compromise Oracle Knowledge and potenti...

9.8CVSS9AI score0.02129EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.50 views

CVE-2016-3475

CVE-2016-3475 affects Oracle Siebel CRM 8.5.x (Oracle Knowledge component, Information Manager Console). The Nessus plugin for Oracle Siebel CRM 8.5.x

4.3CVSS4.2AI score0.01696EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.49 views

CVE-2020-2795

CVE-2020-2795 affects Oracle Knowledge, Information Manager Console, versions 8.6.0–8.6.2. The vulnerability is exploitable by a high-privilege user with logon access; exploitation requires user interaction and can lead to takeover of Oracle Knowledge. The provided documents do not include a patc...

6.3CVSS6AI score0.00723EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.48 views

CVE-2020-2932

CVE-2020-2932 affects Oracle Knowledge, Information Manager Console component, versions 8.6.0–8.6.3. The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to cause a hang or frequent crashes (complete DoS) of Oracle Knowledge. The root cause is described as a vulnerab...

5.9CVSS5.5AI score0.01477EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.39 views

CVE-2016-3476

Oracle Siebel CRM 8.5.x is affected by CVE-2016-3476 in the Oracle Knowledge component (Information Manager Console). The Nessus entry cites an unauthenticated attacker with network access via HTTP who can compromise Oracle Knowledge, potentially resulting in unauthorized update/insert/delete of ...

6.5CVSS5.9AI score0.01917EPSS