Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

oracle business process management suite 12.2.1.3.0 vulnerabilities and exploits

(subscribe to this query)

9.1
CVSSv3
CVE-2018-3100
Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable...
Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Business Process Management Suite 11.1.1.7.0Oracle Business Process Management Suite 12.2.1.2.0Oracle Business Process Management Suite 11.1.1.9.0
7.5
CVSSv3
CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack....
Apache TikaOracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0
7.5
CVSSv3
CVE-2018-3246
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
Oracle Weblogic Server 12.1.3.0.0Oracle Communications Converged Application ServerOracle Webcenter Portal 12.2.1.3.0Oracle Retail Convenience And Fuel Pos Software 2.8.1Oracle Utilities Network Management System 2.3.0.2Oracle Business Process Management Suite 11.1.1.9.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Enterprise Repository 12.1.3.0.0Oracle Banking Platform 2.6.1Oracle Banking Platform 2.6.2Oracle Utilities Network Management System 1.12.0.3Oracle Utilities Network Management System 2.3.0.0Oracle Weblogic Server 12.2.1.3.0Oracle Communications Webrtc Session ControllerOracle Webcenter Portal 11.1.1.9.0Oracle Weblogic Server 12.2.1.3Oracle Banking Platform 2.6.0Oracle Utilities Network Management System 2.3.0.1
7.5
CVSSv3
CVE-2018-1000180
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-apiBouncycastle Fips Java ApiDebian Debian Linux 9.0Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Peoplesoft Enterprise Peopletools 8.55Oracle Soa Suite 12.1.3.0.0Oracle Soa Suite 12.2.1.3.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Business Process Management Suite 11.1.1.9.0Oracle Communications Webrtc Session ControllerOracle Communications Application Session Controller 3.8.0Oracle Communications Application Session Controller 3.7.1Oracle Retail Convenience And Fuel Pos Software 2.8.1Oracle Webcenter Portal 11.1.1.9.0Oracle Enterprise Repository 12.1.3.0.0Oracle Communications Converged Application ServerOracle Retail Xstore Point Of Service 7.1Oracle Managed File Transfer 12.2.1.3.0Oracle Business Transaction Management 12.1.0Oracle Weblogic Server 12.1.3.0.0Oracle Webcenter Portal 12.2.1.3.0Oracle Retail Xstore Point Of Service 7.0Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Managed File Transfer 12.1.3.0.0Oracle Api Gateway 11.1.2.4.0Netapp Oncommand Workflow Automation -Redhat Virtualization 4.2Redhat Jboss Enterprise Application Platform 7.1.0
7.5
CVSSv3
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop...
Jsoup JsoupQuarkus QuarkusOracle Webcenter Portal 12.2.1.3.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Flexcube Universal BankingOracle Peoplesoft Enterprise Peopletools 8.58Oracle Webcenter Portal 12.2.1.4.0Oracle Primavera Unifier 20.12Oracle Business Process Management Suite 12.2.1.4.0Oracle Communications Messaging Server 8.1Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Primavera Unifier 21.12Oracle Banking Trade Finance 14.5Oracle Banking Treasury Management 14.5Oracle Flexcube Universal Banking 14.5Oracle Hospitality Token Proxy Service 19.2Oracle Retail Customer Management And Segmentation FoundationNetapp Management Services For Element Software And Netapp Hci -
9.8
CVSSv3
CVE-2018-19362
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization....
Fasterxml Jackson-databindDebian Debian Linux 8.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Primavera Unifier 16.2Oracle Business Process Management Suite 12.2.1.3.0Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Oracle Primavera UnifierOracle Primavera Unifier 18.8Oracle Retail Workforce Management Software 1.60.9.0.0Oracle Webcenter Portal 12.2.1.3.0Oracle Primavera P6 Enterprise Project Portfolio ManagementOracle Primavera Unifier 16.1Redhat Decision Manager 7.3.1Redhat Jboss Brms 6.4.10Redhat Openshift Container Platform 3.11Redhat Automation Manager 7.3.1Redhat Jboss Bpm Suite 6.4.11
9.8
CVSSv3
CVE-2018-19360
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization....
Fasterxml Jackson-databindDebian Debian Linux 8.0Oracle Webcenter Portal 12.2.1.3.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Retail Workforce Management Software 1.60.9.0.0Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera UnifierOracle Primavera Unifier 18.8Oracle Primavera Unifier 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Oracle Business Process Management Suite 12.2.1.3.0Oracle Primavera Unifier 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Oracle Primavera P6 Enterprise Project Portfolio ManagementRedhat Jboss Brms 6.4.10Redhat Jboss Bpm Suite 6.4.11Redhat Automation Manager 7.3.1Redhat Decision Manager 7.3.1Redhat Openshift Container Platform 3.11
9.8
CVSSv3
CVE-2018-19361
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization....
Fasterxml Jackson-databindDebian Debian Linux 9.0Debian Debian Linux 8.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Oracle Primavera Unifier 16.1Oracle Primavera UnifierOracle Retail Workforce Management Software 1.60.9.0.0Oracle Webcenter Portal 12.2.1.3.0Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Primavera P6 Enterprise Project Portfolio ManagementOracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Business Process Management Suite 12.1.3.0.0Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera Unifier 16.2Oracle Primavera Unifier 18.8Redhat Jboss Bpm Suite 6.4.11Redhat Openshift Container Platform 3.11Redhat Automation Manager 7.3.1Redhat Decision Manager 7.3.1Redhat Jboss Brms 6.4.10
9.8
CVSSv3
CVE-2018-1000613
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-apiNetapp Oncommand Workflow Automation -Opensuse Leap 15.1Oracle Api Gateway 11.1.2.4.0Oracle Banking Platform 2.6.0Oracle Banking Platform 2.6.1Oracle Banking Platform 2.6.2Oracle Business Process Management Suite 11.1.1.9.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Business Transaction Management 12.1.0Oracle Communications Application Session Controller 3.7.1Oracle Communications Application Session Controller 3.8.0Oracle Communications Converged Application ServerOracle Communications Converged Application Server 7.0.0.1Oracle Communications Convergence 3.0.2Oracle Communications Diameter Signaling Router 8.0.0Oracle Communications Diameter Signaling Router 8.1Oracle Communications Diameter Signaling Router 8.2Oracle Communications Diameter Signaling Router 8.2.1Oracle Communications Webrtc Session ControllerOracle Communications Webrtc Session Controller 7.2Oracle Data Integrator 12.2.1.3.0Oracle Enterprise Manager Base Platform 12.1.0.5.0Oracle Enterprise Manager Base Platform 13.2.0.0Oracle Enterprise Manager Base Platform 13.3.0.0Oracle Enterprise Manager For Fusion Middleware 13.2.0.0Oracle Enterprise Manager For Fusion Middleware 13.3.0.0Oracle Enterprise Repository 11.1.1.7.0Oracle Enterprise Repository 12.1.3.0.0Oracle Managed File Transfer 12.1.3.0.0Oracle Managed File Transfer 12.2.1.3.0Oracle Peoplesoft Enterprise Peopletools 8.55Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Retail Convenience And Fuel Pos Software 2.8.1Oracle Retail Xstore Point Of Service 7.0Oracle Retail Xstore Point Of Service 7.1Oracle Soa Suite 12.1.3.0.0Oracle Soa Suite 12.2.1.3.0Oracle Utilities Network Management System 1.12.0.3Oracle Utilities Network Management System 2.3.0.0Oracle Utilities Network Management System 2.3.0.1Oracle Utilities Network Management System 2.3.0.2Oracle Webcenter Portal 11.1.1.9.0Oracle Webcenter Portal 12.2.1.3.0Oracle Weblogic Server 12.2.1.3
6.1
CVSSv3
CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed....
Jquery JqueryOracle Hospitality Materials Control 18.1Oracle Endeca Information Discovery Studio 3.1.0Oracle Siebel Ui Framework 18.10Oracle Siebel Ui Framework 18.11Oracle Agile Product Lifecycle Management For Process 6.2.0.0Oracle Agile Product Lifecycle Management For Process 6.2.1.0Oracle Retail Workforce Management Software 1.60.9Oracle Retail Workforce Management Software 1.64.0Oracle Peoplesoft Enterprise Peopletools 8.55Oracle Healthcare Foundation 7.2Oracle Business Process Management Suite 11.1.1.9.0Oracle Communications Webrtc Session ControllerOracle Communications Converged Application ServerOracle Jd Edwards Enterpriseone Tools 9.2Oracle Fusion Middleware Mapviewer 12.2.1.3.0Oracle Jdeveloper 11.1.1.9.0Oracle Financial Services Market Risk Measurement And Management 8.0.5Oracle Financial Services Market Risk Measurement And Management 8.0.6Oracle Financial Services Analytical Applications InfrastructureOracle Primavera Gateway 17.12Oracle Banking Platform 2.6.0Oracle Webcenter Sites 11.1.1.8.0Oracle Healthcare Translational Research 3.1.0Oracle Primavera UnifierOracle Primavera Unifier 18.8Oracle Banking Platform 2.6.1Oracle Banking Platform 2.6.2Oracle Hospitality Guest Access 4.2.0Oracle Hospitality Guest Access 4.2.1Oracle Communications Services GatekeeperOracle Utilities FrameworkOracle Retail Customer Insights 16.0Oracle Retail Sales Audit 15.0Oracle Insurance Insbridge Rating And Underwriting 5.5Oracle Healthcare Foundation 7.1Oracle Enterprise Manager Ops Center 12.2.2Oracle Enterprise Manager Ops Center 12.3.3Oracle Real-time Scheduler 2.3.0Oracle Utilities Mobile Workforce Management 2.3.0Oracle Financial Services Reconciliation Framework 8.0.6Oracle Financial Services Profitability ManagementOracle Financial Services Data Integration HubOracle Financial Services Asset Liability ManagementOracle Communications Interactive Session Recorder 6.2Oracle Agile Product Lifecycle Management For Process 6.2.3.1Oracle Retail Customer Insights 15.0Oracle Insurance Insbridge Rating And Underwriting 5.2Oracle Insurance Insbridge Rating And Underwriting 5.4Oracle Weblogic Server 12.1.3.0Oracle Weblogic Server 12.2.1.3Oracle Retail Invoice Matching 15.0Oracle Oss Support Tools 19.1Oracle Hospitality Reporting And Analytics 9.1.0Oracle Financial Services Reconciliation Framework 8.0.5Oracle Financial Services Hedge Management And Ifrs ValuationsOracle Financial Services Funds Transfer PricingOracle Communications Interactive Session Recorder 6.0Oracle Communications Interactive Session Recorder 6.1Oracle Primavera Gateway 15.2Oracle Primavera Gateway 16.2Oracle Endeca Information Discovery Studio 3.2.0Oracle Service Bus 12.1.3.0.0Oracle Service Bus 12.2.1.3.0Oracle Primavera Unifier 16.1Oracle Primavera Unifier 16.2Oracle Agile Product Lifecycle Management For Process 6.2.2.0Oracle Agile Product Lifecycle Management For Process 6.2.3.0Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Hospitality Cruise Fleet Management 9.0.11Oracle Retail Allocation 15.0.2Oracle Jdeveloper 12.1.3.0.0Oracle Jdeveloper 12.2.1.3.0Oracle Financial Services Loan Loss Forecasting And ProvisioningOracle Financial Services Liquidity Risk ManagementOracle Enterprise Operations Monitor 3.4Oracle Enterprise Operations Monitor 4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-21500CVE-2022-29424IDORCVE-2022-29216CVE-2022-1388encryptionbuffer overflowCVE-2021-30028CVE-2022-29194
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook