Weblogic Server@12.2.1.3 Security Vulnerabilities and Issues — Weblogic Server@12.2.1.3 CVE List

Lucene search

OracleWeblogic Server12.2.1.3

16 matches found

CVE•added 2018/01/18 11:29 p.m.•2410 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

6.1CVSS6.3AI score0.11287EPSS

CVE•added 2018/04/19 2:29 a.m.•1206 views

CVE-2018-2628

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to c...

9.8CVSS9.3AI score0.94409EPSS

CVE•added 2018/07/18 1:29 p.m.•325 views

CVE-2018-2894

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

9.8CVSS9.1AI score0.94307EPSS

CVE•added 2018/07/18 1:29 p.m.•285 views

CVE-2018-2893

9.8CVSS9.1AI score0.93995EPSS

CVE•added 2018/07/09 8:29 p.m.•242 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deseri...

9.8CVSS8.6AI score0.06209EPSS

CVE•added 2018/05/11 8:29 p.m.•221 views

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

8.8CVSS9AI score0.00221EPSS

CVE•added 2018/05/07 1:29 p.m.•123 views

CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is s...

5.3CVSS6.2AI score0.00627EPSS

CVE•added 2017/12/01 4:29 p.m.•86 views

CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

6.2CVSS6.2AI score0.02511EPSS

CVE•added 2018/10/17 1:31 a.m.•64 views

CVE-2018-3246

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle We...

7.5CVSS7.4AI score0.02248EPSS

CVE•added 2018/07/18 1:29 p.m.•59 views

CVE-2018-2935

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

8.3CVSS8AI score0.01258EPSS

CVE•added 2019/01/16 7:30 p.m.•59 views

CVE-2019-2398

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Deployment). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Or...

4.3CVSS4.4AI score0.00222EPSS

CVE•added 2018/07/18 1:29 p.m.•55 views

CVE-2018-2998

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: SAML). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

5.5CVSS5.1AI score0.00208EPSS

CVE•added 2019/01/16 7:30 p.m.•55 views

CVE-2019-2452

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromis...

6.7CVSS6.9AI score0.00498EPSS

CVE•added 2019/01/16 7:30 p.m.•48 views

CVE-2019-2441

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle We...

5.3CVSS4.9AI score0.01003EPSS

CVE•added 2018/07/18 1:29 p.m.•45 views

CVE-2018-2987

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ...

6.1CVSS5.9AI score0.00458EPSS

CVE•added 2019/01/16 7:30 p.m.•45 views

CVE-2019-2418

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3 to compromis...

6.8CVSS6.7AI score0.00659EPSS