Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

oracle primavera gateway 15.2 vulnerabilities and exploits

(subscribe to this query)
6.5
CVSSv2
CVE-2017-3508
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileg...
Oracle Primavera Gateway 16.2Oracle Primavera Gateway 1.0Oracle Primavera Gateway 16.1Oracle Primavera Gateway 15.1Oracle Primavera Gateway 1.1Oracle Primavera Gateway 15.2Oracle Primavera Gateway 14.2
4.9
CVSSv2
CVE-2017-3500
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileg...
Oracle Primavera Gateway 1.0Oracle Primavera Gateway 1.1Oracle Primavera Gateway 16.2Oracle Primavera Gateway 16.1Oracle Primavera Gateway 15.2Oracle Primavera Gateway 14.2Oracle Primavera Gateway 15.1
7.5
CVSSv2
CVE-2019-14540
A Polymorphic Typing issue exists in FasterXML jackson-databind prior to 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Fasterxml Jackson-databindNetapp Steelstore Cloud Integrated Storage -Netapp Oncommand Workflow Automation -Netapp Oncommand Api Services -Fedoraproject Fedora 30Fedoraproject Fedora 31Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3Oracle Retail Xstore Point Of Service 15.0Oracle Primavera Unifier 16.2Oracle Banking Platform 2.4.0Oracle Retail Xstore Point Of Service 7.1Oracle Banking Platform 2.4.1Oracle Primavera Gateway 16.2Oracle Primavera Gateway 15.2Oracle Banking Platform 2.5.0Oracle Primavera Unifier 16.1Oracle Weblogic Server 12.2.1.3.0Oracle Retail Xstore Point Of Service 16.0
7.5
CVSSv2
CVE-2019-16335
A Polymorphic Typing issue exists in FasterXML jackson-databind prior to 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Fasterxml Jackson-databindFedoraproject Fedora 30Fedoraproject Fedora 31Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Netapp Steelstore Cloud Integrated Storage -Netapp Oncommand Workflow Automation -Netapp Oncommand Api Services -Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3Oracle Retail Xstore Point Of Service 15.0Oracle Banking Platform 2.4.0Oracle Retail Xstore Point Of Service 7.1Oracle Banking Platform 2.4.1Oracle Primavera Gateway 16.1Oracle Primavera Gateway 16.2Oracle Primavera Gateway 15.2Oracle Banking Platform 2.5.0Oracle Weblogic Server 12.2.1.3.0Oracle Retail Xstore Point Of Service 16.0Oracle Banking Platform 2.6.0
7.5
CVSSv2
CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind prior to 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
Fasterxml Jackson-databindDebian Debian Linux 8.0Netapp Snapcenter -Netapp Oncommand Workflow Automation -Netapp Service Level Manager -Netapp Active Iq Unified ManagerFedoraproject Fedora 29Fedoraproject Fedora 30Fedoraproject Fedora 31Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3Redhat Openshift Container Platform 4.1Redhat Single Sign-on 7.3Redhat Openshift Container Platform 3.11Oracle Retail Xstore Point Of Service 15.0Oracle Primavera Unifier 16.2Oracle Banking Platform 2.4.0Oracle Retail Xstore Point Of Service 7.1Oracle Jd Edwards Enterpriseone Tools 9.2Oracle Banking Platform 2.4.1Oracle Primavera Gateway 16.2Oracle Primavera Gateway 15.2
5
CVSSv2
CVE-2019-14439
A Polymorphic Typing issue exists in FasterXML jackson-databind 2.x prior to 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
Fasterxml Jackson-databindDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Fedoraproject Fedora 29Fedoraproject Fedora 30Apache Drill 1.16.0Redhat Jboss Middleware Text-only Advisories 1.0Oracle Retail Xstore Point Of Service 15.0Oracle Banking Platform 2.4.0Oracle Retail Xstore Point Of Service 7.1Oracle Jd Edwards Enterpriseone Tools 9.2Oracle Banking Platform 2.4.1Oracle Primavera Gateway 16.1Oracle Primavera Gateway 16.2Oracle Primavera Gateway 15.2Oracle Banking Platform 2.5.0Oracle Retail Xstore Point Of Service 16.0Oracle Jd Edwards Enterpriseone Orchestrator 9.2Oracle Banking Platform 2.6.0Oracle Banking Platform 2.6.1Oracle Retail Customer Management And Segmentation Foundation 17.0
4.3
CVSSv2
CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Openssl Openssl 1.1.1Openssl OpensslCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10Debian Debian Linux 8.0Debian Debian Linux 9.0Nodejs Node.js 10.13.0Nodejs Node.jsNetapp Cn1610 Firmware -Netapp Cloud Backup -Netapp Oncommand Unified ManagerNetapp Steelstore -Netapp Santricity Smi-s Provider -Netapp Element Software -Netapp Snapdrive -Netapp Smi-s Provider -Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Api Gateway 11.1.2.4.0Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera P6 Enterprise Project Portfolio Management 16.1
4.3
CVSSv2
CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi...
Openssl Openssl 1.1.1Openssl OpensslCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10Debian Debian Linux 9.0Nodejs Node.jsNodejs Node.js 10.13.0Netapp Cn1610 Firmware -Netapp Cloud Backup -Netapp Oncommand Unified ManagerNetapp Steelstore -Netapp Santricity Smi-s Provider -Netapp Snapcenter -Netapp Storage Automation Store -Oracle Api Gateway 11.1.2.4.0Oracle Peoplesoft Enterprise Peopletools 8.55Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Enterprise Manager Ops Center 12.3.3Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Mysql Enterprise Backup
1.9
CVSSv2
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10Debian Debian Linux 8.0Debian Debian Linux 9.0Nodejs Node.jsOpenssl OpensslTenable NessusOracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Api Gateway 11.1.2.4.0Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Oracle Peoplesoft Enterprise Peopletools 8.55Oracle Primavera P6 Enterprise Project Portfolio Management 8.4Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Enterprise Manager Ops Center 12.3.3Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Primavera P6 Enterprise Project Portfolio ManagementOracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Vm Virtualbox
4.3
CVSSv2
CVE-2018-1271
Spring Framework, versions 5.0 before 5.0.5 and versions 4.3 before 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to th...
Vmware Spring FrameworkOracle Retail Xstore Point Of Service 7.1Oracle Enterprise Manager Ops Center 12.2.2Oracle Primavera Gateway 16.2Oracle Primavera Gateway 15.2Oracle Application Testing Suite 12.5.0.3Oracle Retail Back Office 14.1Oracle Retail Back Office 14.0Oracle Enterprise Manager Ops Center 12.3.3Oracle Retail Open Commerce Platform 6.0.1Oracle Application Testing Suite 13.1.0.1Oracle Application Testing Suite 13.2.0.1Oracle Application Testing Suite 13.3.0.1Oracle Communications Diameter Signaling RouterOracle Communications Performance Intelligence CenterOracle Communications Services GatekeeperOracle Health Sciences Information Manager 3.0Oracle Healthcare Master Person Index 3.0Oracle Healthcare Master Person Index 4.0Oracle Insurance Calculation Engine 10.2Oracle Insurance Rules Palette 10.0Oracle Insurance Rules Palette 10.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook