Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

oracle enterprise manager base platform 13.2 vulnerabilities and exploits

(subscribe to this query)
6.5
CVSSv3
CVE-2018-3303
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). Supported versions that are affected are 13.2 and 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Oracle Enterprise Manager Base Platform 13.3Oracle Enterprise Manager Base Platform 13.2
7.5
CVSSv3
CVE-2016-2381
Perl might allow context-dependent malicious users to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Perl PerlDebian Debian Linux 7.0Debian Debian Linux 8.0Oracle Communications Billing And Revenue Management 7.5Oracle Configuration ManagerOracle Configuration Manager 12.1.2.0.6Oracle Database Server 11.2.0.4Oracle Database Server 12.1.0.2Oracle Database Server 12.2.0.1Oracle Database Server 18cOracle Database Server 19cOracle Enterprise Manager Base Platform 13.2.0.0.0Oracle Enterprise Manager Base Platform 13.3.0.0.0Oracle Timesten In-memory DatabaseOracle Solaris 11.3Opensuse Opensuse 13.2Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.10
7.5
CVSSv3
CVE-2017-9735
Jetty up to and including 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote malicious users to obtain access by observing elapsed times before rejection of incorrect passwords.
Eclipse JettyDebian Debian Linux 9.0Oracle Retail Xstore Point Of Service 15.0Oracle Retail Xstore Point Of Service 7.1Oracle Hospitality Guest Access 4.2.0Oracle Hospitality Guest Access 4.2.1Oracle Retail Xstore Point Of Service 16.0Oracle Enterprise Manager Base Platform 13.3Oracle Enterprise Manager Base Platform 13.2Oracle Retail Xstore Point Of Service 17.0Oracle Rest Data Services 12.2.0.1Oracle Rest Data Services 12.1.0.2Oracle Rest Data Services 11.2.0.4Oracle Rest Data Services 18cOracle Communications Cloud Native Core Policy 1.5.0
5.9
CVSSv3
CVE-2018-11039
Spring Framework (versions 5.0.x before 5.0.7, versions 4.3.x before 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-e...
Vmware Spring FrameworkOracle Retail Xstore Point Of Service 7.1Oracle Weblogic Server 12.1.3.0.0Oracle Application Testing Suite 12.5.0.3Oracle Hospitality Guest Access 4.2.0Oracle Hospitality Guest Access 4.2.1Oracle Weblogic Server 10.3.6.0.0Oracle Weblogic Server 12.2.1.3.0Oracle Enterprise Manager Ops Center 12.3.3Oracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Application Testing Suite 13.1.0.1Oracle Application Testing Suite 13.2.0.1Oracle Application Testing Suite 13.3.0.1Oracle Communications Diameter Signaling RouterOracle Communications Performance Intelligence CenterOracle Communications Services GatekeeperOracle Endeca Information Discovery Integrator 3.1.0Oracle Endeca Information Discovery Integrator 3.2.0Oracle Health Sciences Information Manager 3.0Oracle Healthcare Master Person Index 3.0Oracle Healthcare Master Person Index 4.0Oracle Insurance Calculation Engine 10.2
5.3
CVSSv3
CVE-2019-10246
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information revea...
Eclipse Jetty 9.2.27Eclipse Jetty 9.3.26Eclipse Jetty 9.4.16Netapp Snap Creator Framework -Netapp Snapcenter -Netapp Oncommand System ManagerNetapp Snapmanager -Netapp Storage Services Connector -Netapp Virtual Storage ConsoleNetapp Virtual Storage Console 9.6Netapp Storage Replication Adapter For Clustered Data OntapNetapp Storage Replication Adapter For Clustered Data Ontap 9.6Netapp Vasa Provider For Clustered Data OntapNetapp Vasa Provider For Clustered Data Ontap -Netapp Element -Oracle Retail Xstore Point Of Service 15.0Oracle Flexcube Private Banking 12.1.0Oracle Retail Xstore Point Of Service 7.1Oracle Flexcube Private Banking 12.0.0Oracle Flexcube Core Banking 5.2.0Oracle Hospitality Guest Access 4.2.0Oracle Hospitality Guest Access 4.2.1
6.1
CVSSv3
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Redhat Hibernate ValidatorRedhat Hibernate Validator 6.1.0Redhat Single Sign-on -Redhat Jboss Enterprise Application Platform -Redhat Jboss Data Grid -Redhat Openshift Application Runtimes -Redhat Fuse 1.0Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3Netapp Active Iq Unified Manager -Netapp Element -Netapp Snapcenter Plug-in -Netapp Management Services For Element Software And Netapp Hci -Oracle Flexcube Investor Servicing 12.3.0Oracle Flexcube Investor Servicing 12.1.0Oracle Solaris 11Oracle Flexcube Private Banking 12.1.0Oracle Insurance Policy Administration J2ee 10.2.0Oracle Flexcube Private Banking 12.0.0Oracle Flexcube Investor Servicing 12.0.4Oracle Weblogic Server 12.1.3.0.0Oracle Retail Integration Bus 13.0
5.3
CVSSv3
CVE-2019-10247
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Con...
Eclipse Jetty 9.3.0Eclipse Jetty 9.3.4Eclipse Jetty 9.3.7Eclipse Jetty 9.3.8Eclipse Jetty 9.3.1Eclipse Jetty 9.3.2Eclipse Jetty 9.3.3Eclipse Jetty 9.3.5Eclipse Jetty 9.3.6Eclipse Jetty 9.3.9Eclipse Jetty 9.3.10Eclipse Jetty 9.3.11Eclipse Jetty 9.3.12Eclipse Jetty 9.3.13Eclipse Jetty 9.3.14Eclipse Jetty 9.3.15Eclipse Jetty 9.3.16Eclipse Jetty 9.3.17Eclipse Jetty 9.3.18Eclipse Jetty 9.3.19Eclipse Jetty 9.3.20Eclipse Jetty 9.3.21
5.9
CVSSv3
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 up to and including 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted strin...
Apache Log4jNetapp Cloud Manager -Debian Debian Linux 10.0Debian Debian Linux 11.0Sonicwall Network Security ManagerSonicwall Email SecuritySonicwall Web Application FirewallSonicwall 6bk1602-0aa12-0tp0 FirmwareSonicwall 6bk1602-0aa22-0tp0 FirmwareSonicwall 6bk1602-0aa32-0tp0 FirmwareSonicwall 6bk1602-0aa42-0tp0 FirmwareSonicwall 6bk1602-0aa52-0tp0 FirmwareOracle E-business Suite 12.2Oracle Retail Back Office 14.1Oracle Weblogic Server 12.2.1.3.0Oracle Webcenter Portal 12.2.1.3.0Oracle Webcenter Sites 12.2.1.3.0Oracle Managed File Transfer 12.2.1.3.0Oracle Retail Order Broker 16.0Oracle Retail Integration Bus 14.1.3Oracle Retail Returns Management 14.1Oracle Retail Central Office 14.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook