Siebel Engineering - Installer & Deployment Security Vulnerabilities and Issues — Siebel Engineering - Installer & Deployment CVE List

Lucene search

OracleSiebel Engineering - Installer & Deployment

8 matches found

CVE•added 2020/01/17 12:15 a.m.•464 views

CVE-2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

8CVSS7.3AI score0.90572EPSS

CVE•added 2020/01/03 4:15 a.m.•361 views

CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

9.8CVSS9.2AI score0.01997EPSS

CVE•added 2019/10/12 9:15 p.m.•342 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an a...

9.8CVSS9.2AI score0.0119EPSS

CVE•added 2019/10/01 5:15 p.m.•279 views

CVE-2019-16943

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an R...

9.8CVSS9.3AI score0.01841EPSS

CVE•added 2019/10/01 5:15 p.m.•277 views

CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find...

9.8CVSS9.4AI score0.00438EPSS

CVE•added 2019/07/29 12:15 p.m.•246 views

CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

9.8CVSS9.7AI score0.01455EPSS

CVE•added 2019/01/02 6:29 p.m.•183 views

CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

9.8CVSS9.8AI score0.14747EPSS

CVE•added 2019/07/30 11:15 a.m.•142 views

CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

7.5CVSS8.4AI score0.10318EPSS