CVSS: 9.8EPSS: 94%CPEs: 174EXPL: 2CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se des... • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5506
https://notcve.org/view.php?id=CVE-2016-5506
25 Oct 2016 — Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server. Vulnerabilidad no especificada en el componente Oracle Identity Manager en Oracle Fusion Middleware permite a usuarios locales afectar la confidencialidad y la integridad a través de vectores relacionados con App Server. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 15%CPEs: 1EXPL: 2CVE-2014-2880 – Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) - Unvalidated Redirects
https://notcve.org/view.php?id=CVE-2014-2880
17 Apr 2014 — Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin. Una vulnerabilidad de redireccionamiento abierto en el componente Oracle Identity Manager en Oracle Fusion Middleware versiones 11.1.1.5, 11.1.1.7, 11.1.2.1 y 11.1.2.2, permite a los atacante... • https://www.exploit-db.com/exploits/32670 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2411
https://notcve.org/view.php?id=CVE-2014-2411
16 Apr 2014 — Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security. Vulnerabilidad no especificada en el componente Oracle Identity Analytics en Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 y Sun Role Manager 5.0 permite a usuarios remotos autenticados afectar la confidencialid... • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5815
https://notcve.org/view.php?id=CVE-2013-5815
16 Oct 2013 — Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. Vulnerabilidad no especificada en el componente Oracle Identiy Analytics Oracle Identity Analytics 11.1.1.5 y Sun Role Manager 4.1 y 5.0 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a tra... • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html •