CVSS: 9.8EPSS: 94%CPEs: 3EXPL: 3CVE-2021-35587 – Oracle Fusion Middleware Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2021-35587
19 Jan 2022 — Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://packetstorm.news/files/id/190368 • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-2358
https://notcve.org/view.php?id=CVE-2021-2358
20 Jul 2021 — Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impa... • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 5.8EPSS: 0%CPEs: 136EXPL: 1CVE-2021-29425 – Possible limited path traversal vulnerabily in Apache Commons IO
https://notcve.org/view.php?id=CVE-2021-29425
13 Apr 2021 — In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. En Apache Commons IO versiones anteriores a 2.7, Cuando se invoca el método FileNameUtils.normalize con una cadena de entrada inapropiada, como... • https://issues.apache.org/jira/browse/IO-556 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 1%CPEs: 11EXPL: 0CVE-2021-2018
https://notcve.org/view.php?id=CVE-2021-2018
20 Jan 2021 — Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vul... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2747
https://notcve.org/view.php?id=CVE-2020-2747
15 Apr 2020 — Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products. Successful attac... • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 4.3EPSS: 2%CPEs: 2EXPL: 0CVE-2020-2745
https://notcve.org/view.php?id=CVE-2020-2745
15 Apr 2020 — Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS... • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2740
https://notcve.org/view.php?id=CVE-2020-2740
15 Apr 2020 — Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Orac... • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 44%CPEs: 2EXPL: 5CVE-2018-2879 – OAMbuster Multi-Threaded CVE-2018-2879 Scanner
https://notcve.org/view.php?id=CVE-2018-2879
19 Apr 2018 — Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. While the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Access Man... • https://packetstorm.news/files/id/152551 •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-2587
https://notcve.org/view.php?id=CVE-2018-2587
19 Apr 2018 — Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as ... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •