Oracle

Primavera Gateway

59 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2018-1257

  • EPSS 1.79%
  • Veröffentlicht 11.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:28

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ...

9.8

CVE-2018-1275

  • EPSS 32.45%
  • Veröffentlicht 11.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:31

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ma...

7.5

CVE-2018-1272

  • EPSS 2.17%
  • Veröffentlicht 06.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:30

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a r...

5.9

CVE-2018-1271

  • EPSS 90.93%
  • Veröffentlicht 06.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:30

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file s...

9.8

CVE-2018-1270

  • EPSS 89.35%
  • Veröffentlicht 06.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:30

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ma...

6.1

CVE-2015-9251

  • EPSS 9.84%
  • Veröffentlicht 18.01.2018 23:29:00
  • Zuletzt bearbeitet 21.11.2024 02:40:09

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

9.1

CVE-2017-3508

  • EPSS 2.75%
  • Veröffentlicht 24.04.2017 19:59:03
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability ...

8.7

CVE-2017-3500

  • EPSS 0.54%
  • Veröffentlicht 24.04.2017 19:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability ...

9.8

CVE-2017-5645

  • EPSS 94.01%
  • Veröffentlicht 17.04.2017 21:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.