Published: 06/04/2017 Updated: 23/07/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Rogue Wave JViews prior to 8.8 patch 21 and 8.9 before patch 1 allows remote malicious users to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.

Vulnerable Product	Search on Vulmon	Subscribe to Product
perforce jviews
perforce jviews 8.9
oracle data integrator 12.2.1.3.0
oracle data integrator 12.2.1.4.0

Old bugs, new bugs, red bugs … yes, it's Oracle mega-update day again

The Register • Richard Chirgwin • 18 Jan 2019

Out of 284 flaws, 33 are rated critical. Big Red admins have big patches ahead Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then

Oracle admins, here's your first critical patch advisory for 2019, and it's a doozy: a total of 284 vulnerabilities patched across Big Red's product range, and 33 of them are rated “critical”. We hope your support contracts are up-to-date to receive these fixes. The full list is here, and with so much to choose from, The Register will work through the top-rated bugs. Oracle Communications Applications (OCA) is home to nine of the vulnerabilities in various components: Oracle E-Business' Perf...

CVE-2015-8965

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect