CVSS: 7.5EPSS: 88%CPEs: 1EXPL: 0CVE-2014-4249 – Oracle Business Intelligence Mobile App Designer UIXCacheResourceServlet Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-4249
Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Mobile Service. Vulnerabilidad no especificada en el componente BI Publisher en Oracle Fusion Middleware 11.1.1.7 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Mobile Service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Business Intelligence Mobile App Designer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UIXCacheResourceServlet servlet. The issue lies in the ability to download arbitrary files using a directory traversal vulnerability. • http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59111 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68605 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94550 •
CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 0CVE-2014-4241
https://notcve.org/view.php?id=CVE-2014-4241
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0 y 10.3.6.0 permite a atacantes remotos afectar la integridad a través de vectores relacionados con WLS - Web Services. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68649 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94559 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-4242
https://notcve.org/view.php?id=CVE-2014-4242
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0 y 12.1.2.0 permite a atacantes remotos afectar la integridad a través de vectores relacionados con Console. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68641 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94557 •
CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0CVE-2014-4253
https://notcve.org/view.php?id=CVE-2014-4253
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WebLogic Server JVM. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, y 12.1.2.0 permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con WebLogic Server JVM. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68634 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94555 •
CVSS: 6.4EPSS: 1%CPEs: 3EXPL: 0CVE-2014-2493
https://notcve.org/view.php?id=CVE-2014-2493
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, and 12.1.2.0.0 allows remote attackers to affect confidentiality and availability via vectors related to ADF Faces. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, y 12.1.2.0.0 permite a atacantes remotos afectar la confidencialidad y disponibilidad a través de vectores desconocidos relacionados con ADF Faces. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2014-0012.html •