Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

oracle application performance management 13.3.0.0 vulnerabilities and exploits

(subscribe to this query)
6
CVSSv3
CVE-2020-2946
Vulnerability in the Application Performance Management product of Oracle Enterprise Manager (component: EM Request Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network...
Oracle Application Performance Management 12.1.0.5Oracle Application Performance Management 13.2.0.0Oracle Application Performance Management 13.3.0.0
6.5
CVSSv3
CVE-2019-3739
RSA BSAFE Crypto-J versions before 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
Dell Bsafe Ssl-jDell Bsafe Crypto-jDell Bsafe Cert-jOracle Retail Service Backbone 14.1Oracle Retail Integration Bus 14.1Oracle Retail Service Backbone 15.0Oracle Retail Integration Bus 15.0Oracle Weblogic Server 10.3.6.0.0Oracle Weblogic Server 12.2.1.3.0Oracle Retail Integration Bus 16.0Oracle Retail Xstore Point Of Service 17.0.3Oracle Weblogic Server 12.2.1.4.0Oracle Application Performance Management 13.3.0.0Oracle Weblogic Server 14.1.1.0.0Oracle Database 12.1.0.2Oracle Database 12.2.0.1Oracle Database 18cOracle Database 19cOracle Retail Assortment Planning 15.0.3.0Oracle Retail Predictive Application Server 14.1.3.0Oracle Retail Predictive Application Server 15.0.3.0Oracle Retail Assortment Planning 16.0.3.0
6.5
CVSSv3
CVE-2019-3740
RSA BSAFE Crypto-J versions before 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
Dell Bsafe Ssl-jDell Bsafe Crypto-jDell Bsafe Cert-jOracle Retail Service Backbone 14.1Oracle Retail Integration Bus 14.1Oracle Weblogic Server 12.1.3.0.0Oracle Retail Service Backbone 15.0Oracle Retail Integration Bus 15.0Oracle Weblogic Server 10.3.6.0.0Oracle Weblogic Server 12.2.1.3.0Oracle Retail Predictive Application Server 15.0Oracle Retail Integration Bus 16.0Oracle Communications Unified Inventory Management 7.3.2Oracle Communications Unified Inventory Management 7.3.4Oracle Communications Unified Inventory Management 7.3.5Oracle Communications Unified Inventory Management 7.4.0Oracle Retail Xstore Point Of Service 17.0.3Oracle Weblogic Server 12.2.1.4.0Oracle Application Performance Management 13.3.0.0Oracle Weblogic Server 14.1.1.0.0Oracle Database 12.1.0.2Oracle Database 12.2.0.1
6.5
CVSSv3
CVE-2019-3738
RSA BSAFE Crypto-J versions before 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
Dell Bsafe Ssl-jDell Bsafe Crypto-jDell Bsafe Cert-jMcafee Threat Intelligence Exchange Server 3.0.0Mcafee Threat Intelligence Exchange ServerOracle Retail Service Backbone 14.1Oracle Retail Integration Bus 14.1Oracle Retail Service Backbone 15.0Oracle Retail Integration Bus 15.0Oracle Retail Integration Bus 16.0Oracle Communications Unified Inventory Management 7.3.2Oracle Communications Unified Inventory Management 7.3.4Oracle Communications Unified Inventory Management 7.3.5Oracle Communications Unified Inventory Management 7.4.0Oracle Retail Xstore Point Of Service 17.0.3Oracle Application Performance Management 13.3.0.0Oracle Database 12.1.0.2Oracle Database 12.2.0.1Oracle Database 18cOracle Database 19cOracle Retail Assortment Planning 15.0.3.0Oracle Retail Predictive Application Server 14.1.3.0
9.8
CVSSv3
CVE-2020-9546
FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
Fasterxml Jackson-databindNetapp Active Iq Unified ManagerDebian Debian Linux 8.0Oracle Retail Xstore Point Of Service 15.0Oracle Primavera Unifier 16.2Oracle Retail Service Backbone 14.1Oracle Primavera Unifier 16.1Oracle Retail Service Backbone 15.0Oracle Weblogic Server 12.2.1.3.0Oracle Retail Xstore Point Of Service 16.0Oracle Primavera Unifier 18.8Oracle Primavera UnifierOracle Retail Merchandising System 15.0Oracle Agile Plm 9.3.6Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 18.1Oracle Weblogic Server 12.2.1.4.0Oracle Enterprise Manager Base Platform 13.3.0.0Oracle Financial Services Price Creation And Discovery 8.0.7Oracle Primavera Unifier 19.12
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery JqueryDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Drupal DrupalBackdropcms BackdropFedoraproject Fedora 28Fedoraproject Fedora 29Fedoraproject Fedora 30Opensuse Leap 15.1Opensuse Backports Sle 15.0Netapp Snapcenter -Netapp Oncommand System ManagerRedhat Cloudforms 4.7Redhat Virtualization Manager 4.3Oracle Service Bus 12.1.3.0.0Oracle Primavera Unifier 16.2Oracle Jd Edwards Enterpriseone Tools 9.2Oracle Weblogic Server 12.1.3.0.0Oracle Service Bus 11.1.1.9.0Oracle Jdeveloper 11.1.1.9.0Oracle Primavera Unifier 16.1
8.8
CVSSv3
CVE-2020-10672
FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
Fasterxml Jackson-databindDebian Debian Linux 8.0Netapp Steelstore Cloud Integrated Storage -Oracle Retail Xstore Point Of Service 15.0Oracle Primavera Unifier 16.2Oracle Retail Service Backbone 14.1Oracle Primavera Unifier 16.1Oracle Retail Service Backbone 15.0Oracle Weblogic Server 12.2.1.3.0Oracle Retail Xstore Point Of Service 16.0Oracle Primavera Unifier 18.8Oracle Primavera UnifierOracle Retail Merchandising System 15.0Oracle Agile Plm 9.3.6Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 18.1Oracle Weblogic Server 12.2.1.4.0Oracle Enterprise Manager Base Platform 13.3.0.0Oracle Financial Services Price Creation And Discovery 8.0.7Oracle Primavera Unifier 19.12
8.8
CVSSv3
CVE-2020-10673
FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
Fasterxml Jackson-databindDebian Debian Linux 8.0Netapp Steelstore Cloud Integrated Storage -Oracle Retail Xstore Point Of Service 15.0Oracle Primavera Unifier 16.2Oracle Retail Service Backbone 14.1Oracle Primavera Unifier 16.1Oracle Retail Service Backbone 15.0Oracle Weblogic Server 12.2.1.3.0Oracle Retail Xstore Point Of Service 16.0Oracle Primavera Unifier 18.8Oracle Primavera UnifierOracle Retail Merchandising System 15.0Oracle Agile Plm 9.3.6Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 18.1Oracle Weblogic Server 12.2.1.4.0Oracle Enterprise Manager Base Platform 13.3.0.0Oracle Financial Services Price Creation And Discovery 8.0.7Oracle Primavera Unifier 19.12
7.5
CVSSv3
CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or u...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Freebsd Freebsd 12.1Fedoraproject Fedora 30Fedoraproject Fedora 31Fedoraproject Fedora 32Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Jd Edwards World Security A9.4Oracle Enterprise Manager Ops Center 12.4.0Oracle Peoplesoft Enterprise Peopletools 8.58Oracle MysqlOracle Enterprise Manager Base Platform 13.4.0.0Oracle Mysql Enterprise MonitorOracle Mysql WorkbenchOracle Http Server 12.2.1.4.0Oracle Enterprise Manager For Storage Management 13.3.0.0Oracle Mysql ConnectorsOracle Enterprise Manager For Storage Management 13.4.0.0Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Application Server 12.1.3
8.8
CVSSv3
CVE-2020-11113
FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
Fasterxml Jackson-databindDebian Debian Linux 8.0Netapp Steelstore Cloud Integrated Storage -Oracle Retail Xstore Point Of Service 15.0Oracle Primavera Unifier 16.2Oracle Retail Service Backbone 14.1Oracle Primavera Unifier 16.1Oracle Retail Service Backbone 15.0Oracle Weblogic Server 12.2.1.3.0Oracle Webcenter Portal 12.2.1.3.0Oracle Retail Xstore Point Of Service 16.0Oracle Primavera Unifier 18.8Oracle Primavera UnifierOracle Retail Merchandising System 15.0Oracle Agile Plm 9.3.6Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 18.1Oracle Weblogic Server 12.2.1.4.0Oracle Enterprise Manager Base Platform 13.3.0.0Oracle Financial Services Price Creation And Discovery 8.0.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook