CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2020-2961
https://notcve.org/view.php?id=CVE-2020-2961
15 Apr 2020 — Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availabilit... • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2020-1954 – cxf: JMX integration is vulnerable to a MITM attack
https://notcve.org/view.php?id=CVE-2020-1954
01 Apr 2020 — Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and receiv... • http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 1%CPEs: 52EXPL: 1CVE-2020-5397 – CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
https://notcve.org/view.php?id=CVE-2020-5397
17 Jan 2020 — Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client cer... • https://pivotal.io/security/cve-2020-5397 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.0EPSS: 89%CPEs: 63EXPL: 1CVE-2020-5398 – RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application
https://notcve.org/view.php?id=CVE-2020-5398
16 Jan 2020 — In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. En Spring Framework, versiones 5.2.x anteriores a 5.2.3, versiones 5.1.x anteriores a 5.1.13 y versiones 5.0.x anteriores a 5.0.16, una aplicación es vulnerable a un ataque de tipo reflected file... • https://github.com/motikan2010/CVE-2020-5398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-494: Download of Code Without Integrity Check •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2644
https://notcve.org/view.php?id=CVE-2020-2644
15 Jan 2020 — Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible dat... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2645
https://notcve.org/view.php?id=CVE-2020-2645
15 Jan 2020 — Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as w... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2646
https://notcve.org/view.php?id=CVE-2020-2646
15 Jan 2020 — Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may signif... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2624
https://notcve.org/view.php?id=CVE-2020-2624
15 Jan 2020 — Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as w... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2625
https://notcve.org/view.php?id=CVE-2020-2625
15 Jan 2020 — Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as un... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2626
https://notcve.org/view.php?id=CVE-2020-2626
15 Jan 2020 — Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible d... • https://www.oracle.com/security-alerts/cpujan2020.html •