oracle business process management suite 12.2.1.3.0 vulnerabilities and exploits

CVE-2018-3100 (CVSSv3 9.1)
Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable...
Oracle Business Process Management Suite 12.1.3.0.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 11.1.1.7.0
Oracle Business Process Management Suite 12.2.1.2.0
Oracle Business Process Management Suite 11.1.1.9.0

CVE-2018-11761 (CVSSv3 7.5)
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack....
Apache Tika
Oracle Business Process Management Suite 12.1.3.0.0
Oracle Business Process Management Suite 12.2.1.3.0
4 Github repositories available

CVE-2018-3246 (CVSSv3 7.5)
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
Oracle Weblogic Server 12.1.3.0.0
Oracle Communications Converged Application Server
Oracle Webcenter Portal 12.2.1.3.0
Oracle Retail Convenience And Fuel Pos Software 2.8.1
Oracle Utilities Network Management System 2.3.0.2
Oracle Business Process Management Suite 11.1.1.9.0
Oracle Business Process Management Suite 12.1.3.0.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Enterprise Repository 12.1.3.0.0
Oracle Banking Platform 2.6.1
Oracle Banking Platform 2.6.2
Oracle Utilities Network Management System 1.12.0.3
Oracle Utilities Network Management System 2.3.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Communications Webrtc Session Controller
Oracle Webcenter Portal 11.1.1.9.0
Oracle Weblogic Server 12.2.1.3
Oracle Banking Platform 2.6.0
Oracle Utilities Network Management System 2.3.0.1
1 Github repository available

CVE-2020-1950 (CVSSv3 5.5)
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23....
Apache Tika
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Debian Debian Linux 8.0
Oracle Business Process Management Suite 12.2.1.3.0
Canonical Ubuntu Linux 16.04
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Communications Messaging Server 8.0.2
1 Github repository available

CVE-2020-1951 (CVSSv3 5.5)
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23....
Apache Tika
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Debian Debian Linux 8.0
Oracle Business Process Management Suite 12.2.1.3.0
Canonical Ubuntu Linux 16.04
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Communications Messaging Server 8.0.2
1 Github repository available

CVE-2022-23302 (CVSSv3 8.8)
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
Oracle Identity Manager Connector 11.1.1.5.0
Oracle Communications Unified Inventory Management 7.4.2
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Identity Management Suite 12.2.1.4.0
Oracle Financial Services Revenue Management And Billing Analytics 2.7.0.0
Oracle Hyperion Data Relationship Management
Oracle Financial Services Revenue Management And Billing Analytics 2.8.0.0
Oracle Mysql Enterprise Monitor
Oracle Hyperion Infrastructure Technology
Oracle Tuxedo 12.2.2.0.0
Oracle E-business Suite Cloud Manager And Cloud Backup Module
Oracle E-business Suite Cloud Manager And Cloud Backup Module 2.2.1.1.1
Oracle Financial Services Revenue Management And Billing Analytics 2.7.0.1
9 Github repositories available
1 Article available

CVE-2018-1000180 (CVSSv3 7.5)
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
Bouncycastle Fips Java Api
Debian Debian Linux 9.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.55
Oracle Soa Suite 12.1.3.0.0
Oracle Soa Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.1.3.0.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 11.1.1.9.0
Oracle Communications Webrtc Session Controller
Oracle Communications Application Session Controller 3.8.0
Oracle Communications Application Session Controller 3.7.1
Oracle Retail Convenience And Fuel Pos Software 2.8.1
Oracle Webcenter Portal 11.1.1.9.0
Oracle Enterprise Repository 12.1.3.0.0
Oracle Communications Converged Application Server
Oracle Retail Xstore Point Of Service 7.1
Oracle Managed File Transfer 12.2.1.3.0
Oracle Business Transaction Management 12.1.0
Oracle Weblogic Server 12.1.3.0.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Retail Xstore Point Of Service 7.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Managed File Transfer 12.1.3.0.0
Oracle Api Gateway 11.1.2.4.0
Netapp Oncommand Workflow Automation -
Redhat Virtualization 4.2
Redhat Jboss Enterprise Application Platform 7.1.0
2 Github repositories available

CVE-2022-23305 (CVSSv3 9.8)
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
Oracle Identity Manager Connector 11.1.1.5.0
Oracle Communications Unified Inventory Management 7.4.2
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Identity Management Suite 12.2.1.4.0
Oracle Financial Services Revenue Management And Billing Analytics 2.7.0.0
Oracle Hyperion Data Relationship Management
Oracle Financial Services Revenue Management And Billing Analytics 2.8.0.0
Oracle Mysql Enterprise Monitor
Oracle Hyperion Infrastructure Technology
Oracle Tuxedo 12.2.2.0.0
Oracle E-business Suite Cloud Manager And Cloud Backup Module
Oracle E-business Suite Cloud Manager And Cloud Backup Module 2.2.1.1.1
Oracle Financial Services Revenue Management And Billing Analytics 2.7.0.1
13 Github repositories available
1 Article available

CVE-2022-23307 (CVSSv3 8.8)
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists....
Apache Chainsaw
Apache Log4j
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
Oracle Identity Manager Connector 11.1.1.5.0
Oracle Communications Unified Inventory Management 7.4.2
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Identity Management Suite 12.2.1.4.0
Oracle Financial Services Revenue Management And Billing Analytics 2.7.0.0
Oracle Hyperion Data Relationship Management
Oracle Financial Services Revenue Management And Billing Analytics 2.8.0.0
Oracle Mysql Enterprise Monitor
Oracle Hyperion Infrastructure Technology
Oracle Tuxedo 12.2.2.0.0
Oracle E-business Suite Cloud Manager And Cloud Backup Module
Oracle E-business Suite Cloud Manager And Cloud Backup Module 2.2.1.1.1
Oracle Financial Services Revenue Management And Billing Analytics 2.7.0.1
10 Github repositories available
1 Article available

CVE-2018-19362 (CVSSv3 9.8)
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization....
Fasterxml Jackson-databind
Debian Debian Linux 8.0
Oracle Business Process Management Suite 12.1.3.0.0
Oracle Primavera P6 Enterprise Project Portfolio Management 16.2
Oracle Primavera P6 Enterprise Project Portfolio Management 18.8
Oracle Primavera Unifier 16.2
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Primavera P6 Enterprise Project Portfolio Management 15.1
Oracle Primavera P6 Enterprise Project Portfolio Management 15.2
Oracle Primavera P6 Enterprise Project Portfolio Management 16.1
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Retail Workforce Management Software 1.60.9.0.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Primavera P6 Enterprise Project Portfolio Management
Oracle Primavera Unifier 16.1
Redhat Decision Manager 7.3.1
Redhat Jboss Brms 6.4.10
Redhat Openshift Container Platform 3.11
Redhat Automation Manager 7.3.1
Redhat Jboss Bpm Suite 6.4.11
4 Github repositories available