Oracle

Primavera Unifier

95 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2018-8032

  • EPSS 2.34%
  • Veröffentlicht 02.08.2018 13:29:00
  • Zuletzt bearbeitet 08.05.2025 18:13:51

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

6.5

CVE-2018-2968

  • EPSS 1%
  • Veröffentlicht 18.07.2018 13:29:03
  • Zuletzt bearbeitet 21.11.2024 04:04:51

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with ne...

6.1

CVE-2018-2965

  • EPSS 0.52%
  • Veröffentlicht 18.07.2018 13:29:03
  • Zuletzt bearbeitet 21.11.2024 04:04:51

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

7.4

CVE-2018-2966

  • EPSS 1%
  • Veröffentlicht 18.07.2018 13:29:03
  • Zuletzt bearbeitet 21.11.2024 04:04:51

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with ne...

5.3

CVE-2018-2967

  • EPSS 0.08%
  • Veröffentlicht 18.07.2018 13:29:03
  • Zuletzt bearbeitet 21.11.2024 04:04:51

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows physical access to compromise Pr...

4.3

CVE-2018-2969

  • EPSS 0.21%
  • Veröffentlicht 18.07.2018 13:29:03
  • Zuletzt bearbeitet 21.11.2024 04:04:51

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows low privileged attacker with network access vi...

9.8

CVE-2017-7525

  • EPSS 77.34%
  • Veröffentlicht 06.02.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:32:04

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj...

9.8

CVE-2017-15095

  • EPSS 7.41%
  • Veröffentlicht 06.02.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:14:03

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe...

6.1

CVE-2015-9251

  • EPSS 9.84%
  • Veröffentlicht 18.01.2018 23:29:00
  • Zuletzt bearbeitet 21.11.2024 02:40:09

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

8.1

CVE-2018-2620

  • EPSS 0.5%
  • Veröffentlicht 18.01.2018 02:29:20
  • Zuletzt bearbeitet 21.11.2024 04:04:03

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacke...