Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

oracle primavera unifier 19.12 vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv3
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain...
Apache SolrOracle Primavera Unifier 16.1Oracle Primavera Unifier 16.2Oracle Primavera UnifierOracle Primavera Unifier 18.8Oracle Primavera Unifier 19.12
9.8
CVSSv3
CVE-2021-42575
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements....
Owasp Java Html SanitizerOracle Primavera UnifierOracle Primavera Unifier 18.8Oracle Primavera Unifier 19.12Oracle Primavera Unifier 20.12Oracle Primavera Unifier 21.12
5.7
CVSSv3
CVE-2020-14617
Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnerability allows low...
Oracle Primavera Unifier 16.1Oracle Primavera Unifier 16.2Oracle Primavera UnifierOracle Primavera Unifier 18.8Oracle Primavera Unifier 19.12
9.8
CVSSv3
CVE-2021-23450
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function....
Linuxfoundation DojoOracle Primavera Unifier 18.8Oracle Primavera UnifierOracle Primavera Unifier 19.12Oracle Primavera Unifier 20.12Oracle Primavera Unifier 21.12Oracle Communications Policy Management 12.6.0.0.0
5.9
CVSSv3
CVE-2021-38153
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this...
Apache KafkaApache Kafka 2.8.0Quarkus QuarkusOracle Primavera Unifier 18.8Oracle Primavera Unifier 19.12Oracle Primavera Unifier 20.12Oracle Primavera Unifier 21.12
5.5
CVSSv3
CVE-2020-9489
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser....
Apache Tika 1.24Oracle Flexcube Private Banking 12.0.0Oracle Flexcube Private Banking 12.1.0Oracle Primavera Unifier 16.1Oracle Primavera Unifier 16.2Oracle Primavera UnifierOracle Primavera Unifier 18.8Oracle Primavera Unifier 19.12Oracle Webcenter Portal 12.2.1.3.0Oracle Webcenter Portal 12.2.1.4.0Oracle Communications Messaging Server 8.1
5.5
CVSSv3
CVE-2021-28657
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later....
Apache TikaOracle Webcenter Portal 12.2.1.3.0Oracle Primavera Unifier 18.8Oracle Primavera UnifierOracle Primavera Unifier 19.12Oracle Webcenter Portal 12.2.1.4.0Oracle Healthcare Foundation 7.3.0Oracle Primavera Unifier 20.12Oracle Communications Messaging Server 8.1Oracle Healthcare Foundation 8.0.0Oracle Healthcare Foundation 8.1.0
7.5
CVSSv3
CVE-2020-5258
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes...
Linuxfoundation DojoDebian Debian Linux 8.0Oracle Communications Application Session Controller 3.9.0Oracle Communications Policy Management 12.5.0Oracle Communications Pricing Design Center 12.0.0.3.0Oracle DocumakerOracle MysqlOracle Primavera UnifierOracle Primavera Unifier 18.8Oracle Primavera Unifier 19.12Oracle Primavera Unifier 20.12Oracle Webcenter Sites 12.2.1.3.0Oracle Webcenter Sites 12.2.1.4.0Oracle Weblogic Server 12.2.1.4.0Oracle Weblogic Server 14.1.1.0.0
3.3
CVSSv3
CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the...
Google GuavaQuarkus QuarkusOracle Peoplesoft Enterprise Peopletools 8.57Oracle Data Integrator 12.2.1.3.0Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Weblogic Server 14.1.1.0.0Oracle Data Integrator 12.2.1.4.0Oracle Nosql DatabaseOracle Commerce Guided Search 11.3.2Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1Oracle Retail Customer Management And Segmentation FoundationOracle Communications Pricing Design Center 12.0.0.4.0Oracle Communications Pricing Design Center 12.0.0.5.0Oracle Primavera Unifier 18.8Oracle Primavera UnifierOracle Primavera Unifier 19.12Oracle Primavera Unifier 20.12Oracle Communications Cloud Native Core Network Repository Function 1.14.0Oracle Primavera Unifier 21.12Netapp Active Iq Unified Manager -
5.3
CVSSv3
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution....
Apache HttpclientQuarkus QuarkusOracle Primavera Unifier 16.2Oracle Primavera Unifier 16.1Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Primavera Unifier 18.8Oracle Data Integrator 12.2.1.3.0Oracle Primavera UnifierOracle Peoplesoft Enterprise Peopletools 8.58Oracle Primavera Unifier 19.12Oracle Data Integrator 12.2.1.4.0Oracle Primavera Unifier 20.12Oracle Jd Edwards Enterpriseone OrchestratorOracle Jd Edwards Enterpriseone ToolsOracle Nosql DatabaseOracle Peoplesoft Enterprise Pt Peopletools 8.57Oracle Peoplesoft Enterprise Pt Peopletools 8.58Oracle Peoplesoft Enterprise Pt Peopletools 8.59Oracle Retail Customer Management And Segmentation FoundationOracle Spatial StudioOracle Sql DeveloperNetapp Snapcenter -Netapp Active Iq Unified Manager -Oracle Weblogic Server 12.2.1.4.0Oracle Weblogic Server 14.1.1.0.0Oracle Commerce Guided Search 11.3.2Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-29214CVE-2022-29432CVE-2022-1388LFICVE-2022-1813SSRFCVE-2022-20821CVE-2021-41834XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook