Oracle

Jd Edwards Enterpriseone Tools

147 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-17531

  • EPSS 1.19%
  • Published 12.10.2019 21:15:08
  • Last modified 21.11.2024 04:32:27

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext...

9.8

CVE-2019-16942

  • EPSS 0.44%
  • Published 01.10.2019 17:15:10
  • Last modified 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1....

9.8

CVE-2019-16943

  • EPSS 1.84%
  • Published 01.10.2019 17:15:10
  • Last modified 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja...

7.5

CVE-2019-10086

  • EPSS 0.26%
  • Published 20.08.2019 21:15:12
  • Last modified 21.11.2024 04:18:22

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa...

7.5

CVE-2019-14439

  • EPSS 9.41%
  • Published 30.07.2019 11:15:11
  • Last modified 21.11.2024 04:26:44

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logbac...

9.8

CVE-2019-14379

  • EPSS 1.46%
  • Published 29.07.2019 12:15:16
  • Last modified 21.11.2024 04:26:37

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

4.3

CVE-2019-2564

  • EPSS 0.28%
  • Published 23.04.2019 19:32:48
  • Last modified 21.11.2024 04:41:06

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network acces...

6.1

CVE-2019-11358

Exploit
  • EPSS 2.4%
  • Published 20.04.2019 00:29:00
  • Last modified 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

7.5

CVE-2018-12022

  • EPSS 2.93%
  • Published 21.03.2019 16:00:12
  • Last modified 21.11.2024 03:44:25

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in ...

7.5

CVE-2018-12023

  • EPSS 4.9%
  • Published 21.03.2019 16:00:12
  • Last modified 21.11.2024 03:44:26

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid...