Lucene search
+L
OracleWebcenter Sites

64 matches found

CVE
CVE
added 2020/04/29 12:0 a.m.7251 views

CVE-2020-11023

The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...

6.9CVSS7.2AI score0.8383EPSS
In wild
CVE
CVE
added 2018/01/18 11:0 p.m.3361 views

CVE-2015-9251

CVE-2015-9251 affects jQuery before 3.0.0, enabling XSS when a cross-domain Ajax request omits the dataType option and text/javascript responses are executed. Connected advisories confirm the issue and indicate an upgrade resolves it; remediation is to upgrade jQuery to a fixed version as provide...

6.1CVSS6.3AI score0.29726EPSS
Web
CVE
CVE
added 2019/04/19 12:0 a.m.3116 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
CVE
CVE
added 2017/10/03 3:0 p.m.1609 views

CVE-2017-12617

CVE-2017-12617 concerns Apache Tomcat JSP upload via HTTP PUT when readonly=false and PUTs are allowed. Affected: Tomcat 7.x/8.x/9.x (various 7.0.0–7.0.81, 8.0.0.RC1–8.0.46, 8.5.0–8.5.22, 9.0.0.M1–9.0.0) with PUT enabled. Root cause: PUT request handling allowed uploading a JSP, enabling remote c...

8.1CVSS7.5AI score0.99988EPSS
In wild
CVE
CVE
added 2021/12/18 11:55 a.m.1191 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2021/01/26 8:39 p.m.649 views

CVE-2021-26272

CVE-2021-26272 is a ReDoS in CKEditor 4 Autolink: by pasting crafted URL-like text and pressing Enter/Space, a victim can trigger a denial-of-service. The publicly documented detail confirms CKEditor 4.x up to before 4.16 is affected; remediation is to upgrade to CKEditor 4.16+ or apply a fix as ...

6.5CVSS6.6AI score0.02223EPSS
CVE
CVE
added 2019/07/26 12:0 a.m.591 views

CVE-2019-13990

CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...

9.8CVSS9AI score0.162EPSS
CVE
CVE
added 2021/01/26 8:39 p.m.566 views

CVE-2021-26271

CVE-2021-26271 affects CKEditor 4 before 4.16. An attacker could trigger a ReDoS-type DoS by persuading a victim to paste crafted text into the Styles input of dialogs (Advanced Tab in the Dialogs plugin). Affected versions are CKEditor 4.x prior to 4.16; remediation is to upgrade to 4.16 or newe...

6.5CVSS6.6AI score0.01962EPSS
CVE
CVE
added 2021/05/28 9:0 p.m.487 views

CVE-2021-29505

CVE-2021-29505 affects XStream (Java XML serialization) in versions before 1.4.17. The public docs indicate the fix is in 1.4.17; multiple advisories (Debian, Fedora, Amazon Linux, Astra Linux) reference this CVE in the context of libxstream-java. Atlassian Jira Server/Data Center reports indicat...

8.8CVSS8.2AI score0.77735EPSS
CVE
CVE
added 2020/03/10 5:50 p.m.417 views

CVE-2020-5258

CVE-2020-5258 affects the Dojo NPM package where the deepCopy function is vulnerable to Prototype Pollution. The root cause is injection of properties into native JavaScript prototypes, allowing an attacker to mutate a base object’s prototype. Patched versions are 1.12.8, 1.13.7, 1.14.6, 1.15.3 a...

7.7CVSS7.7AI score0.0399EPSS
CVE
CVE
added 2019/10/12 8:7 p.m.414 views

CVE-2019-17531

CVE-2019-17531 affects FasterXML jackson-databind 2.0.0–2.9.10; when Default Typing is enabled for an externally exposed JSON endpoint and apache-log4j-extra 1.2.x is on the classpath, an attacker capable of providing a JNDI service can trigger remote code execution. Connected documents corrobora...

9.8CVSS9.2AI score0.05373EPSS
CVE
CVE
added 2014/04/15 5:0 p.m.364 views

CVE-2014-0107

CVE-2014-0107 concerns the TransformerFactory in Apache Xalan-Java before 2.7.2, which does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, potentially allowing remote attackers to bypass restrictions and load arbitrary classes or access external reso...

7.5CVSS8.3AI score0.13809EPSS
CVE
CVE
added 2019/10/01 4:6 p.m.347 views

CVE-2019-16943

CVE-2019-16943 affects FasterXML jackson-databind (versions 2.0.0–2.9.10) via a polymorphic typing flaw that, when Default Typing is enabled for an exposed JSON endpoint and a p6spy P6DataSource is present in the classpath with an accessible RMI endpoint, can lead to remote code execution. The ro...

9.8CVSS9.3AI score0.04901EPSS
CVE
CVE
added 2019/10/23 7:27 p.m.346 views

CVE-2019-12415

CVE-2019-12415 affects Apache POI up to version 4.1.0. The vulnerability arises when using the tool XSSFExportToXml to convert user-supplied Excel documents, allowing an attacker to read local filesystem or internal network resources via XML External Entity (XXE) processing. The Connected documen...

5.5CVSS6.7AI score0.0099EPSS
CVE
CVE
added 2019/10/01 4:4 p.m.327 views

CVE-2019-16942

CVE-2019-16942 affects FasterXML jackson-databind 2.0.0–2.9.10. When Default Typing is enabled for an externally exposed JSON endpoint and the service includes the commons-dbcp 1.4 jar on the classpath, with an accessible RMI endpoint, the vulnerability can allow execution of a malicious payload ...

9.8CVSS9.4AI score0.05728EPSS
CVE
CVE
added 2021/08/12 4:25 p.m.277 views

CVE-2021-32808

CKEditor 4.x clipboard Widget plugin vulnerability (CVE-2021-32808) arises from improper validation of widget HTML when used with the undo feature, allowing a remote attacker to trigger JavaScript execution in the victim’s browser. Affected: CKEditor 4 plugins with version >= 4.13.0. Remediati...

7.6CVSS6.1AI score0.01192EPSS
CVE
CVE
added 2018/10/18 10:0 p.m.231 views

CVE-2018-15756

CVE-2018-15756 (Spring Framework) affects Spring Web MVC/WebFlux ranges handling: the ResourceHttpRequestHandler, or returning a Resource from an annotated controller, can be abused by a crafted Range header to trigger a denial-of-service. Affected versions include Spring Framework 5.1, 5.0.x bef...

7.5CVSS7.3AI score0.09513EPSS
CVE
CVE
added 2015/08/13 2:0 p.m.198 views

CVE-2015-3253

CVE-2015-3253 affects Apache Groovy 1.7.0–2.4.3. The vulnerability resides in deserialization via crafted serialized objects in the MethodClosure.java runtime, enabling remote code execution or DoS. Exploitation was reported across multiple advisories; F5 and other vendors reference the same issu...

9.8CVSS9.5AI score0.42983EPSS
Web
CVE
CVE
added 2019/04/22 8:52 p.m.198 views

CVE-2019-5427

CVE-2019-5427 affects c3p0, where versions older than 0.9.5.4 are vulnerable to a billion laughs (XML entity expansion) attack when loading XML configuration due to missing protections against recursive entity expansion. Public sources in connected documents confirm the issue exists in c3p0

7.5CVSS7.2AI score0.04882EPSS
CVE
CVE
added 2020/01/24 2:17 p.m.196 views

CVE-2020-7226

Technical details for CVE-2020-7226 are not provided in the connected documents. The initial description notes memory exhaustion in Cryptacular’s CiphertextHeader during decode, but no version/vendor specifics beyond Cryptacular 1.2.3. Monitor for updates.

7.5CVSS7.3AI score0.03334EPSS
CVE
CVE
added 2021/03/19 4:5 p.m.191 views

CVE-2021-27906

CVE-2021-27906 affects Apache PDFBox; a crafted PDF can trigger an OutOfMemoryError when loading, impacting PDFBox 2.0.22 and earlier 2.0.x. The connected IBM/QRadar security bulletin confirms the same CVE ID and notes remediation: upgrade to IBM Cognos-related 2.0.6.12, then apply FixPack 2.0.6....

5.5CVSS5.6AI score0.03337EPSS
CVE
CVE
added 2021/03/19 4:5 p.m.188 views

CVE-2021-27807

CVE-2021-27807 affects Apache PDFBox 2.0.22 and earlier 2.0.x. The issue arises when loading a crafted PDF, triggering an infinite loop and causing denial of service. Connected IBM advisories confirm the same description and map remediation to upgrading to fixed PDFBox versions via product-specif...

5.5CVSS5.6AI score0.02979EPSS
CVE
CVE
added 2019/04/17 2:7 p.m.155 views

CVE-2019-0228

CVE-2019-0228 affects Apache PDFBox 2.0.14, enabling an XML External Entity (XXE) attack via crafted XFDF. IBM advisories fix the vulnerability by upgrading IBM Operations Analytics - Log Analysis to version 1.3.7 (PDFBox handling) and Fedora advisories show a PDFBox update to 2.0.16. The vulnera...

9.8CVSS8.9AI score0.09451EPSS
CVE
CVE
added 2013/09/30 9:0 p.m.131 views

CVE-2013-4316

CVE-2013-4316 affects Apache Struts 2.0.0–2.3.15.1, where Dynamic Method Invocation is enabled by default, enabling remote code execution with OGNL-parameter crafted requests. The IBM and related advisories confirm this vulnerability and reference the same CVE, describing the impact as remote cod...

10CVSS7.8AI score0.08333EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.111 views

CVE-2018-2791

Oracle WebCenter Sites (FatWire Content Server) within Oracle Fusion Middleware (Advanced UI) is affected by CVE-2018-2791, with impacted versions 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. The connected documents describe multiple cross‑site scripting (XSS) vulnerabilities that could allow an unauth...

8.2CVSS7.8AI score0.3945EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.98 views

CVE-2018-3238

Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 is affected by a cross-site scripting vulnerability in the WebCenter Sites component (subcomponent: Advanced UI). The vulnerability, described as easily exploitable, could allow a high-privileged attacker with network access over HTTP to execute...

6.9CVSS6.3AI score0.04579EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.98 views

CVE-2019-2578

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 (Advanced UI) is affected by CVE-2019-2578 due to broken access control. This could let an unauthenticated attacker with network access over HTTP gain unauthorized access to data across the WebCenter Sites instance. The CVSSv3 base score is 8.6 ...

8.6CVSS7.7AI score0.72402EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.85 views

CVE-2019-2579

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 is affected by CVE-2019-2579, tied to a SQL injection vulnerability in the WebCenter Sites component (Advanced UI). The Nuclei template confirms a SQLi condition that is exploitable by a low-privileged attacker with network access over HTTP, pot...

4.3CVSS3AI score0.06079EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.83 views

CVE-2017-10033

CVE-2017-10033 affects Oracle WebCenter Sites (Support Tools subcomponent) in Oracle Fusion Middleware. Vulnerable versions are 11.1.1.8.0 and 12.2.1.2.0. The issue enables an unauthenticated attacker with access to the hosting infrastructure to perform unauthorized read, update, insert, or delet...

4CVSS3AI score0.02327EPSS
Web
CVE
CVE
added 2020/01/15 4:33 p.m.75 views

CVE-2020-2538

CVE-2020-2538 affects Oracle WebCenter Sites (component: Advanced UI) in Oracle Fusion Middleware, with affected version 12.2.1.3.0. The vulnerability description indicates unauthenticated network access via HTTP, requiring user interaction, and potentially unauthorized data updates/deletes, read...

7.1CVSS6.7AI score0.01088EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.73 views

CVE-2017-3543

CVE-2017-3543 affects Oracle WebCenter Sites Server component in Oracle Fusion Middleware (versions 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0). An unauthenticated attacker with network access via HTTP can compromise data confidentiality, integrity, and availability. The vulnerability is desc...

9CVSS7.8AI score0.02295EPSS
CVE
CVE
added 2024/01/16 9:41 p.m.67 views

CVE-2024-20908

Oracle WebCenter Sites (12.2.1.4.0) is affected by a vulnerability in the Advanced UI that allows an unauthenticated attacker with network access over HTTP to potentially modify or read data. The issue requires user interaction and may impact other Oracle Fusion Middleware products (scope change)...

6.1CVSS5.6AI score0.00327EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.65 views

CVE-2017-3540

Oracle WebCenter Sites within Oracle Fusion Middleware (Server subcomponent) is affected by CVE-2017-3540. Affected versions: 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to cause a hang or crash (DOS) and perfor...

8.6CVSS7.6AI score0.01849EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.64 views

CVE-2017-3595

The CVE-2017-3595 entry concerns Oracle WebCenter Sites within Oracle Fusion Middleware (subcomponent: Advanced UI). Affected versions are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. The vulnerability allows a low-privilege, network-accessible attacker (via HTTP) to compromise the system, ...

7.5CVSS6.8AI score0.01583EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.64 views

CVE-2017-3603

Oracle WebCenter Sites (Oracle Fusion Middleware) contains CVE-2017-3603 in the Advanced UI subcomponent. Affected versions are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. The description states a difficult-to-exploit vulnerability that allows a low-privileged, network-accessible attacker ...

3.5CVSS3AI score0.01046EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.62 views

CVE-2017-3596

Oracle WebCenter Sites (part of Oracle Fusion Middleware) is affected in versions 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 within the Advanced UI subcomponent. The CVE-2017-3596 issue is described as an easily exploitable vulnerability allowing a low-privileged, network-accessible attac...

7.6CVSS7.1AI score0.0159EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.59 views

CVE-2017-3541

CVE-2017-3541 : A vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server) affects 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. An unauthenticated attacker with network access over HTTP can compromise Oracle WebCenter Sites, potentially result...

8.2CVSS7.8AI score0.01954EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.59 views

CVE-2017-3545

Vulnerability CVE-2017-3545 affects Oracle WebCenter Sites (Fusion Middleware) subcomponent Blob Server. Affected versions: 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0. The issue allows an unauthenticated attacker with network access over HTTP to compromise the system, enabling unauthorized cr...

8.5CVSS7.3AI score0.01756EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.59 views

CVE-2017-3554

CVE-2017-3554 affects Oracle WebCenter Sites (Oracle Fusion Middleware) under the Catalog Mover subcomponent. Affected versions: 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. The vulnerability enables a low-privileged attacker who can access the service over HTTP from the network to compromi...

8.1CVSS7.8AI score0.01764EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.59 views

CVE-2020-2539

CVE-2020-2539 affects Oracle WebCenter Sites (Advanced UI) in Oracle Fusion Middleware, vulnerable in version 12.2.1.3.0. An unauthenticated attacker with network access via HTTP can compromise data, with successful attacks enabling unauthorized update/insert/delete and read access to WebCenter S...

6.1CVSS5.7AI score0.0109EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.58 views

CVE-2017-3593

Technical details about CVE-2017-3593 are not publicly provided in the connected documents. Monitor for updates to confirm affected products, root cause, impact, and available fixes.

7.8CVSS6.8AI score0.01939EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.58 views

CVE-2017-3597

CVE-2017-3597 affects Oracle WebCenter Sites (Advanced UI) within Oracle Fusion Middleware. Affected versions are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. The vulnerability allows a low-privilege, network-access attacker to compromise WebCenter Sites via HTTP, with human interaction req...

6.3CVSS5.1AI score0.01676EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.58 views

CVE-2017-3598

CVE-2017-3598 affects Oracle WebCenter Sites (Advanced UI) in Oracle Fusion Middleware. Affected versions include 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0. The vulnerability allows a low-privilege, network attacker to obtain unauthorized read access to a subset of data via HTTP. Base CV...

3.5CVSS3AI score0.01046EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.58 views

CVE-2018-2584

The provided documents do not include technical details beyond the initial description for CVE-2018-2584; monitor for updates as public details remain unavailable in the supplied set.

4.3CVSS3.9AI score0.01093EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.58 views

CVE-2020-14613

CVE-2020-14613 affects Oracle WebCenter Sites (Oracle Fusion Middleware) in the Advanced User Interface component. Affected are 12.2.1.3.0 and 12.2.1.4.0. The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise WebCenter Sites; exploitation requires user i...

6.1CVSS5.8AI score0.01083EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.57 views

CVE-2017-3594

CVE-2017-3594 affects Oracle WebCenter Sites (Advanced UI) within Oracle Fusion Middleware. The vulnerability impacts supported versions 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0, where a low-privileged, network-authenticated attacker can exploit via HTTP to gain unauthorized access to da...

7CVSS5.8AI score0.01443EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.57 views

CVE-2017-3602

CVE-2017-3602 concerns Oracle WebCenter Sites (Oracle Fusion Middleware), specifically the Advanced UI subcomponent. Affected versions are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. The vulnerability allows a low-privileged, network-accessing attacker (via HTTP) to compromise WebCenter Si...

8.5CVSS7.8AI score0.01959EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.56 views

CVE-2017-3542

CVE-2017-3542 affects Oracle WebCenter Sites (Oracle Fusion Middleware) Server subcomponent; affected versions 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0. It allows an unauthenticated attacker over HTTP to access/modify data and cause partial DOS. CVSSv3.0 base score 8.6 (HIGH). Remediation: ...

9CVSS7.8AI score0.02295EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.56 views

CVE-2017-3591

CVE-2017-3591 affects Oracle WebCenter Sites (Oracle Fusion Middleware) in the Catalog Mover subcomponent. Affects listed versions: 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. The vulnerability can be exploited by an unauthenticated remote attacker over HTTP, with user interaction required...

7.1CVSS6.3AI score0.01601EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.56 views

CVE-2020-2739

Oracle WebCenter Sites (component: Advanced UI) in Fusion Middleware, version 12.2.1.3.0, is affected by CVE-2020-2739. Multiple sources confirm an unauthenticated attacker with network access over HTTP can compromise the product, with human interaction required for exploitation; impact includes ...

7.4CVSS7.2AI score0.01865EPSS
Total number of security vulnerabilities64