Oracle

Enterprise Manager Base Platform

120 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-11973

  • EPSS 8.42%
  • Veröffentlicht 14.05.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:59:01

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

9.8

CVE-2020-10683

  • EPSS 1.96%
  • Veröffentlicht 01.05.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:55:50

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...

7.5

CVE-2020-1967

Exploit
  • EPSS 66.69%
  • Veröffentlicht 21.04.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:45

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur...

9.8

CVE-2020-2961

  • EPSS 1.82%
  • Veröffentlicht 15.04.2020 14:15:37
  • Zuletzt bearbeitet 21.11.2024 05:26:44

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows unauthen...

8.1

CVE-2020-11619

  • EPSS 1.73%
  • Veröffentlicht 07.04.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:15

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

8.1

CVE-2020-11620

  • EPSS 2.8%
  • Veröffentlicht 07.04.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:15

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

5.3

CVE-2020-1954

  • EPSS 0.1%
  • Veröffentlicht 01.04.2020 21:15:14
  • Zuletzt bearbeitet 21.11.2024 05:11:43

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to...

8.8

CVE-2020-11111

  • EPSS 2.2%
  • Veröffentlicht 31.03.2020 05:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:48

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).

8.8

CVE-2020-11112

  • EPSS 11.42%
  • Veröffentlicht 31.03.2020 05:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

8.8

CVE-2020-11113

  • EPSS 60.71%
  • Veröffentlicht 31.03.2020 05:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).