Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle web analytics vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-22720
Apache HTTP Server 2.4.52 and previous versions fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Apache Http Server
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Zfs Storage Appliance Kit 8.8
Apple Macos
Apple Mac Os X 10.15.7
9.8
CVSSv3
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows malicious users to manipulate the SQL by ent...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
2 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-2456
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access ...
Oracle Business Intelligence 12.2.1.4.0
1 Github repository
9.8
CVSSv3
CVE-2020-2950
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthen...
Oracle Business Intelligence 11.1.1.9.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
1 Github repository
9.8
CVSSv3
CVE-2019-2729
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Oracle Identity Manager 11.1.2.3.0
Oracle Weblogic Server 12.1.3.0.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Identity Manager 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Rapid Planning 12.1
Oracle Rapid Planning 12.2
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Communications Diameter Signaling Router 8.2.1
Oracle Communications Diameter Signaling Router 8.1
Oracle Communications Diameter Signaling Router 8.2
Oracle Communications Network Integrity
Oracle Tape Library Acsls 8.5
Oracle Hyperion Infrastructure Technology 11.2.5.0
Oracle Storagetek Tape Analytics Sw Tool 2.3
Oracle Communications Diameter Signaling Router 8.0
9 Github repositories
2 Articles
9.8
CVSSv3
CVE-2019-2725
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to com...
Oracle Weblogic Server 12.1.3.0.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Weblogic Server 10.3.6.0.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.4
Oracle Agile Plm 9.3.5
Oracle Vm Virtualbox
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Tape Library Acsls 8.5
Oracle Storagetek Tape Analytics Sw Tool 2.3
Oracle Vm Virtualbox 5.2.36
Oracle Tape Virtual Storage Manager Gui 6.2
Oracle Communications Converged Application Server 7.1
Oracle Communications Converged Application Server 5.1
Oracle Communications Converged Application Server 7.0
2 EDB exploits
27 Github repositories
4 Articles
9.1
CVSSv3
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Lodash Lodash
Netapp Service Level Manager -
Netapp Active Iq Unified Manager -
Redhat Virtualization Manager 4.3
Oracle Banking Extensibility Workbench 14.4.0
Oracle Banking Extensibility Workbench 14.3.0
F5 Big-iq Centralized Management
F5 Iworkflow 2.3.0
F5 Big-iq Centralized Management 7.0.0
F5 Big-ip Analytics
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Edge Gateway
F5 Big-ip Webaccelerator
7 Github repositories
8.8
CVSSv3
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBi...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
1 Article
8.8
CVSSv3
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Apache Chainsaw
Apache Log4j
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
1 Github repository
1 Article
8.6
CVSSv3
CVE-2020-14609
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthen...
Oracle Business Intelligence 11.1.1.9.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »