Oracle

Business Activity Monitoring

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-21346

Exploit
  • EPSS 3.97%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:41:29

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

9.9

CVE-2021-21345

Exploit
  • EPSS 86.96%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:41:10

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the proc...

9.8

CVE-2021-21344

Exploit
  • EPSS 28.06%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:40:53

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

7.5

CVE-2021-21343

Exploit
  • EPSS 0.62%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:40:13

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...

9.1

CVE-2021-21342

Exploit
  • EPSS 1.02%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:39:23

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...

7.5

CVE-2021-21341

Exploit
  • EPSS 23.43%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:38:30

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel executio...

9.3

CVE-2020-26217

Exploit
  • EPSS 93.01%
  • Veröffentlicht 16.11.2020 21:15:12
  • Zuletzt bearbeitet 23.05.2025 16:54:19

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone...

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Veröffentlicht 08.11.2019 15:15:11
  • Zuletzt bearbeitet 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

9.8

CVE-2019-10173

  • EPSS 91.87%
  • Veröffentlicht 23.07.2019 13:15:13
  • Zuletzt bearbeitet 14.05.2025 20:02:54

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshall...