Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

oracle primavera unifier 15.0 vulnerabilities and exploits

(subscribe to this query)
8.1
CVSSv3

CVE-2018-2620

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP...
Oracle Primavera Unifier 10.0Oracle Primavera Unifier 10.1Oracle Primavera Unifier 15.0Oracle Primavera Unifier 15.1Oracle Primavera Unifier 15.2Oracle Primavera Unifier 16.0Oracle Primavera Unifier 16.1Oracle Primavera Unifier 16.2Oracle Primavera Unifier 17.0
8.1
CVSSv3

CVE-2020-11620

FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
Fasterxml Jackson-databindDebian Debian Linux 8.0Netapp Active Iq Unified ManagerNetapp Steelstore Cloud Integrated Storage -Oracle Banking PlatformOracle Communications Contacts Server 8.0.0.4.0Oracle Communications Evolved Communications Application Server 7.1Oracle Communications Instant Messaging Server 10.0.1.4.0Oracle Communications Network Charging And ControlOracle Communications Network Charging And Control 6.0.1Oracle Enterprise Manager Base Platform 13.3.0.0Oracle Enterprise Manager Base Platform 13.4.0.0
8.1
CVSSv3

CVE-2020-11619

FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
Fasterxml Jackson-databindDebian Debian Linux 8.0Netapp Active Iq Unified ManagerNetapp Steelstore Cloud Integrated Storage -Oracle Agile Plm 9.3.6Oracle Banking PlatformOracle Communications Calendar Server 8.0.0.4.0Oracle Communications Contacts Server 8.0.0.4.0Oracle Communications Contacts Server 8.0.0.5.0Oracle Communications Diameter Signaling RouterOracle Communications Evolved Communications Application Server 7.1Oracle Communications Instant Messaging Server 10.0.1.4.0
9.8
CVSSv3

CVE-2019-14540

A Polymorphic Typing issue exists in FasterXML jackson-databind prior to 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Fasterxml Jackson-databindNetapp Oncommand Api Services -Netapp Oncommand Workflow Automation -Netapp Steelstore Cloud Integrated Storage -Fedoraproject Fedora 30Fedoraproject Fedora 31Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3Oracle Banking Platform 2.4.0
9.8
CVSSv3

CVE-2020-9547

FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
Fasterxml Jackson-databindNetapp Active Iq Unified ManagerDebian Debian Linux 8.0Oracle Autovue For Agile Product Lifecycle Management 21.0.2Oracle Banking PlatformOracle Communications Contacts Server 8.0.0.4.0Oracle Communications Evolved Communications Application Server 7.1Oracle Communications Instant Messaging Server 10.0.1.4.0Oracle Communications Network Charging And ControlOracle Communications Network Charging And Control 6.0.1Oracle Enterprise Manager Base Platform 13.3.0.0Oracle Enterprise Manager Base Platform 13.4.0.0
8.8
CVSSv3

CVE-2020-11111

FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
Fasterxml Jackson-databindDebian Debian Linux 8.0Netapp Steelstore Cloud Integrated Storage -Oracle Agile Plm 9.3.6Oracle Autovue For Agile Product Lifecycle Management 21.0.2Oracle Banking Digital Experience 18.1Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Banking Platform
9.8
CVSSv3

CVE-2020-9548

FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
Fasterxml Jackson-databindNetapp Active Iq Unified ManagerDebian Debian Linux 8.0Oracle Agile Plm 9.3.6Oracle Autovue For Agile Product Lifecycle Management 21.0.2Oracle Banking Digital Experience 18.1Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Banking Platform
9.8
CVSSv3

CVE-2018-14720

FasterXML jackson-databind 2.x prior to 2.9.7 might allow malicious users to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
Fasterxml Jackson-databindFasterxml Jackson-databind 2.7.0Fasterxml Jackson-databind 2.8.0Fasterxml Jackson-databind 2.9.0Debian Debian Linux 8.0Debian Debian Linux 9.0Oracle Banking Platform 2.5.0Oracle Banking Platform 2.6.0Oracle Banking Platform 2.6.1Oracle Banking Platform 2.6.2Oracle Communications Billing And Revenue Management 7.5Oracle Communications Billing And Revenue Management 12.0
10
CVSSv3

CVE-2018-14721

FasterXML jackson-databind 2.x prior to 2.9.7 might allow remote malicious users to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Fasterxml Jackson-databindFasterxml Jackson-databind 2.7.0Fasterxml Jackson-databind 2.8.0Fasterxml Jackson-databind 2.9.0Debian Debian Linux 8.0Debian Debian Linux 9.0Oracle Banking Platform 2.5.0Oracle Banking Platform 2.6.0Oracle Banking Platform 2.6.1Oracle Banking Platform 2.6.2Oracle Communications Billing And Revenue Management 7.5Oracle Communications Billing And Revenue Management 12.0
9.8
CVSSv3

CVE-2018-14719

FasterXML jackson-databind 2.x prior to 2.9.7 might allow remote malicious users to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
Fasterxml Jackson-databindDebian Debian Linux 8.0Debian Debian Linux 9.0Oracle Banking Platform 2.5.0Oracle Banking Platform 2.6.0Oracle Banking Platform 2.6.1Oracle Banking Platform 2.6.2Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Clusterware 12.1.0.2.0Oracle Communications Billing And Revenue Management 7.5Oracle Communications Billing And Revenue Management 12.0
Preferred Score:
CVSSv4
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2024-9182CVE-2025-4761CVE-2025-1289XML injectiond-linkCVE-2025-4427cameralocalgenesis64ibmCVE-2025-47161spotipyCVE-2023-21563
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook