CVSS: 5.3EPSS: 97%CPEs: 93EXPL: 0CVE-2009-0217 – xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
https://notcve.org/view.php?id=CVE-2009-0217
14 Jul 2009 — The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.... • http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161 •
CVSS: 8.5EPSS: 0%CPEs: 65EXPL: 0CVE-2008-4014
https://notcve.org/view.php?id=CVE-2008-4014
14 Jan 2009 — Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Vulnerabilidad sin especificar en el componente Oracle BPEL Process Manager en Oracle Application Server None permite a usuarios remotamente autentificados afectar la confidencialidad e integridad mediante vectores desconocidos. • http://secunia.com/advisories/33525 •