Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle autovue 21.0.2 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-2592
Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attac...
Oracle Autovue 21.0.2
3.6
CVSSv2
CVE-2021-34428
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this c...
Eclipse Jetty
Debian Debian Linux 10.0
Netapp Snap Creator Framework -
Netapp Santricity Cloud Connector -
Netapp Snapmanager -
Netapp E-series Santricity Web Services -
Netapp Active Iq Unified Manager -
Netapp E-series Santricity Os Controller
Netapp Element Plug-in For Vcenter Server -
Oracle Communications Services Gatekeeper 7.0
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Siebel Core - Automation
Oracle Communications Session Route Manager
Oracle Communications Element Manager 8.2.2
Oracle Rest Data Services
Oracle Communications Session Report Manager
6.8
CVSSv2
CVE-2020-14061
FasterXML jackson-databind 2.x prior to 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnec...
Fasterxml Jackson-databind
Netapp Steelstore Cloud Integrated Storage -
Netapp Active Iq Unified Manager
Debian Debian Linux 8.0
Oracle Agile Plm 9.3.6
Oracle Banking Digital Experience 18.2
Oracle Banking Digital Experience 18.3
Oracle Banking Digital Experience 19.1
Oracle Banking Digital Experience 18.1
Oracle Communications Instant Messaging Server 10.0.1.4.0
Oracle Communications Diameter Signaling Router
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Communications Evolved Communications Application Server 7.1
Oracle Communications Contacts Server 8.0.0.5.0
Oracle Communications Calendar Server 8.0.0.4.0
Oracle Communications Session Route Manager
Oracle Communications Session Report Manager
Oracle Communications Element Manager
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
7.8
CVSSv2
CVE-2021-28165
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Eclipse Jetty
Oracle Communications Services Gatekeeper 7.0
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Siebel Core - Automation
Oracle Communications Element Manager 8.2.2
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Session Report Manager
Oracle Communications Session Route Manager
Oracle Rest Data Services
Jenkins Jenkins
Netapp Santricity Cloud Connector -
Netapp E-series Santricity Os Controller
Netapp E-series Performance Analyzer
Netapp Snapcenter
Netapp E-series Santricity Storage
Netapp Santricity Web Services Proxy
Netapp Storage Replication Adapter For Clustered Data Ontap
Netapp Vasa Provider For Clustered Data Ontap
Netapp E-series Santricity Web Services
Netapp Ontap Tools
Netapp Cloud Manager
1 Github repository
5
CVSSv2
CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web....
Eclipse Jetty 9.4.37
Eclipse Jetty 9.4.38
Netapp Santricity Cloud Connector -
Netapp Snapcenter -
Netapp E-series Performance Analyzer -
Netapp E-series Santricity Web Services -
Netapp Virtual Storage Console
Netapp Storage Replication Adapter For Clustered Data Ontap
Netapp Vasa Provider For Clustered Data Ontap
Netapp Cloud Manager -
Netapp Snapcenter Plug-in -
Netapp E-series Santricity Os Controller
Netapp Element Plug-in For Vcenter Server -
Oracle Banking Digital Experience 20.1
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Siebel Core - Automation
Oracle Communications Session Route Manager
Oracle Banking Digital Experience 21.1
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
2 Github repositories
5
CVSSv2
CVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-281...
Eclipse Jetty
Netapp Snap Creator Framework -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp E-series Santricity Web Services -
Netapp Snapcenter Plug-in -
Netapp E-series Santricity Os Controller
Netapp Element Plug-in For Vcenter Server -
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Retail Eftlink 20.0.1
Oracle Communications Cloud Native Core Binding Support Function 1.10.0
Oracle Communications Diameter Signaling Router
Oracle Communications Cloud Native Core Unified Data Repository 1.14.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.5.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Oracle Rest Data Services
Oracle Stream Analytics
Oracle Stream Analytics 19c
2 Github repositories
6.8
CVSSv2
CVE-2020-9547
FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
Fasterxml Jackson-databind
Netapp Active Iq Unified Manager
Debian Debian Linux 8.0
Oracle Retail Xstore Point Of Service 15.0
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier 16.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Retail Xstore Point Of Service 16.0
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Weblogic Server 12.2.1.4.0
Oracle Enterprise Manager Base Platform 13.3.0.0
Oracle Primavera Unifier 19.12
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Instant Messaging Server 10.0.1.4.0
Oracle Retail Xstore Point Of Service 17.0
Oracle Retail Xstore Point Of Service 18.0
Oracle Retail Xstore Point Of Service 19.0
Oracle Communications Evolved Communications Application Server 7.1
Oracle Communications Network Charging And Control 6.0.1
Oracle Jd Edwards Enterpriseone Tools
Oracle Jd Edwards Enterpriseone Orchestrator
1 Github repository
6.8
CVSSv2
CVE-2020-24616
FasterXML jackson-databind 2.x prior to 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
Fasterxml Jackson-databind
Netapp Active Iq Unified Manager -
Oracle Application Testing Suite 13.3.0.1
Oracle Agile Plm 9.3.6
Oracle Communications Policy Management 12.5.0
Oracle Communications Diameter Signaling Router
Oracle Communications Services Gatekeeper 7.0
Oracle Communications Evolved Communications Application Server 7.1
Oracle Communications Contacts Server 8.0.0.5.0
Oracle Communications Calendar Server 8.0.0.4.0
Oracle Communications Unified Inventory Management 7.4.1
Oracle Communications Cloud Native Core Unified Data Repository 1.4.0
Oracle Communications Element Manager
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Communications Messaging Server 8.1
Oracle Siebel Ui Framework
Oracle Banking Supply Chain Finance 14.2
Oracle Banking Supply Chain Finance 14.3
Oracle Banking Supply Chain Finance 14.5
Oracle Identity Manager Connector 11.1.1.5.0
Oracle Communications Contacts Server 8.0
Oracle Communications Calendar Server 8.0
1 Github repository
4
CVSSv2
CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that m...
Eclipse Jetty 11.0.0
Eclipse Jetty 10.0.0
Eclipse Jetty 11.0.1
Eclipse Jetty 10.0.1
Eclipse Jetty
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Apache Solr 8.8.1
Apache Ignite
Netapp Santricity Cloud Connector -
Netapp Snapcenter -
Netapp E-series Performance Analyzer -
Netapp E-series Santricity Web Services -
Netapp Virtual Storage Console
Netapp Storage Replication Adapter For Clustered Data Ontap
Netapp Vasa Provider For Clustered Data Ontap
Netapp Cloud Manager -
Netapp Snapcenter Plug-in -
Netapp Element Plug-in For Vcenter Server -
Netapp E-series Santricity Os Controller
Oracle Banking Digital Experience 20.1
6.8
CVSSv2
CVE-2020-24750
FasterXML jackson-databind 2.x prior to 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
Fasterxml Jackson-databind
Oracle Application Testing Suite 13.3.0.1
Oracle Agile Plm 9.3.6
Oracle Communications Policy Management 12.5.0
Oracle Communications Diameter Signaling Router
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Services Gatekeeper 7.0
Oracle Communications Contacts Server 8.0.0.5.0
Oracle Communications Calendar Server 8.0.0.4.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Siebel Core - Server Framework
Oracle Communications Unified Inventory Management 7.4.1
Oracle Communications Element Manager
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Banking Supply Chain Finance 14.2.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Corporate Lending Process Management 14.2.0
Oracle Banking Corporate Lending Process Management 14.5.0
Oracle Banking Supply Chain Finance 14.5.0
Oracle Banking Supply Chain Finance 14.3.0
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »