5 matches found
CVE-2019-10086
CVE-2019-10086 affects Apache Commons BeanUtils 1.9.2, where a BeanIntrospector addition could suppress access to the classloader via the class property on Java objects. The issue stems from not applying the suppression by default in PropertyUtilsBean, enabling potential risk across affected depl...
CVE-2020-6950
Summary of CVE-2020-6950 (Eclipse Mojarra Local File Read) The Nuclei template confirms a directory traversal vulnerability in Eclipse Mojarra before 2.3.14 that allows reading arbitrary files via the loc or con parameter. Affected component is Mojarra (JavaServer Faces) in versions prior to 2.3....
CVE-2019-17091
CVE-2019-17091 affects Eclipse Mojarra (used in Mojarra for Eclipse EE4J) with an issue in faces/context/PartialViewContextImpl.java that allows Reflected XSS. Affected versions are Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20. The root cause is mishandling of...
CVE-2021-2239
The CVE-2021-2239 entry corresponds to a vulnerability in Oracle E-Business Suite Time and Labor (Timecard). Affected are Oracle E-Business Suite versions 12.1.1–12.1.3 and 12.2.3–12.2.10. The issue allows a low-privilege, network-accessible attacker over HTTP to compromise Time and Labor, leadin...
CVE-2021-2415
CVE-2021-2415 affects Oracle E-Business Suite Time and Labor (Timecard). Affected versions are 12.1.1–12.1.3 and 12.2.3–12.2.10. The vulnerability allows a low-privilege attacker who can access over the network via HTTP to compromise Time and Labor, potentially leading to unauthorized creation, d...