CVSS: 5.0EPSS: 51%CPEs: 8EXPL: 1CVE-2013-3827 – Oracle GlassFish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2013-3827
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container. Vulnerabilidad no especificada en el componente de Oracle GlassFish Server en Oracle Fusion Middleware 2.1.1, 3.0.1 y 3.1.2, el componente de Oracle JDeveloper de Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0 y 12.1.2.0. 0, y el componente de Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0 y 12.1.1 que permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Java Server Faces o el Web Container. • https://www.exploit-db.com/exploits/38802 http://rhn.redhat.com/errata/RHSA-2014-0029.html http://www.kb.cert.org/vuls/id/526012 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/63052 http://www.securitytracker.com/id/1029190 https://access.redhat.com/security/cve/CVE-2013-3827 https://bugzilla.redhat.com/show_bug.cgi?id=1038898 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 91%CPEs: 2EXPL: 0CVE-2013-3828 – Oracle BPEL Process Manager ScriptServlet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3828
Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to Test Page. Vulnerabilidad no especificada en el componente Oracle Web Services de Oracle Fusion Middleware 10.1.3.5.0 y 11.1.1.6.0 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Test Page. This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Oracle BPEL Process Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScriptServlet. It suffers of a directory traversal vulnerability inside the query string which can lead to disclosure of credentials. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securitytracker.com/id/1029190 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2390
https://notcve.org/view.php?id=CVE-2013-2390
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-1504. Vulnerabilidad sin especificar en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, y 12.1.1, permite a atacantes remotos comprometer la integridad a través de vectores desconocidos relacionados con Wevlogic Console. Vulnerabilidad distinta de CVE-2013-1504. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1514
https://notcve.org/view.php?id=CVE-2013-1514
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote authenticated users to affect integrity via vectors related to RMI Support. Vulnerabilidad no especificada en el Oracle Containers para el componente J2EE en Oracle Fusion Middleware v10.1.3.5 permite a atacantes remotos afectar la integridad mediante vectores relacionados con RMI Support. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1529
https://notcve.org/view.php?id=CVE-2013-1529
Unspecified vulnerability in the Oracle WebCenter Interaction component in Oracle Fusion Middleware 6.5.1 and 10.3.3.0 allows remote attackers to affect integrity via unknown vectors related to Image Service. Vulnerabilidad no especificada en el componente Oracle WebCenter Interaction en Oracle Fusion Middleware v6.5.1 y v10.3.3.0 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con el servicio de Image Service. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •