Oracle

Jd Edwards Enterpriseone Tools

147 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2018-2658

  • EPSS 0.51%
  • Veröffentlicht 18.01.2018 02:29:21
  • Zuletzt bearbeitet 21.11.2024 04:04:10

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network ...

6.1

CVE-2018-2659

  • EPSS 0.51%
  • Veröffentlicht 18.01.2018 02:29:21
  • Zuletzt bearbeitet 21.11.2024 04:04:10

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network ...

6.2

CVE-2017-15707

  • EPSS 2.48%
  • Veröffentlicht 01.12.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

7.5

CVE-2016-8610

  • EPSS 69.1%
  • Veröffentlicht 13.11.2017 22:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL ser...

7.5

CVE-2017-3730

Exploit
  • EPSS 46.04%
  • Veröffentlicht 04.05.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial o...

6.5

CVE-2017-3517

  • EPSS 0.95%
  • Veröffentlicht 24.04.2017 19:59:03
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily "exploitable" vulnerability allows unauthenticated attacker with networ...

9.8

CVE-2017-5645

  • EPSS 94.01%
  • Veröffentlicht 17.04.2017 21:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

6.5

CVE-2015-1793

  • EPSS 82.59%
  • Veröffentlicht 09.07.2015 19:17:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers t...

7.5

CVE-2014-6565

  • EPSS 0.69%
  • Veröffentlicht 21.01.2015 15:28:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Portal SEC.

4

CVE-2011-2317

  • EPSS 0.15%
  • Veröffentlicht 18.01.2012 22:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastucture SEC (JDNET).