A flaw was found in FasterXML Jackson Databind: entity expansion was not properly secured. This leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity.
Vulnerable Product |
---|
fasterxml jackson-databind |
netapp oncommand api services - |
netapp oncommand workflow automation - |
netapp service level manager - |
fedoraproject fedora 32 |
quarkus quarkus |
apache iotdb |
oracle agile plm 9.3.6 |
oracle agile product lifecycle management integration pack 3.6 |
oracle banking apis |
oracle banking apis 19.1 |
oracle banking apis 19.2 |
oracle banking apis 20.1 |
oracle banking apis 21.1 |
oracle banking platform 2.6.2 |
oracle banking platform 2.7.0 |
oracle banking platform 2.7.1 |
oracle banking platform 2.8.0 |
oracle banking platform 2.9.0 |
oracle banking platform 2.10.0 |
oracle banking treasury management 4.4 |
oracle blockchain platform |
oracle coherence 12.2.1.4.0 |
oracle coherence 14.1.1.0.0 |
oracle commerce platform |
oracle commerce platform 11.2.0 |
oracle communications billing and revenue management 7.5.0.23.0 |
oracle communications billing and revenue management 12.0.0.3.0 |
oracle communications cloud native core unified data repository 1.4.0 |
oracle communications convergent charging controller 12.0.4.0.0 |
oracle communications evolved communications application server 7.1 |
oracle communications instant messaging server 10.0.1.5.0 |
oracle communications interactive session recorder 6.3 |
oracle communications interactive session recorder 6.4 |
oracle communications network charging and control 12.0.4.0.0 |
oracle communications offline mediation controller 12.0.0.3 |
oracle communications pricing design center 12.0.0.4.0 |
oracle communications services gatekeeper 7.0 |
oracle communications unified inventory management 7.4.1 |
oracle goldengate application adapters 19.1.0.0.0 |
oracle health sciences empirica signal 9.0 |
oracle health sciences empirica signal 9.1 |
oracle insurance policy administration |
oracle insurance policy administration 11.0.2 |
oracle insurance rules palette |
oracle insurance rules palette 11.0.2 |
oracle jd edwards enterpriseone orchestrator |
oracle jd edwards enterpriseone tools |
oracle primavera gateway |
oracle primavera gateway 20.12.0 |
oracle retail service backbone 14.1.3.2 |
oracle retail service backbone 15.0.3.1 |
oracle retail service backbone 16.0.3 |
oracle retail xstore point of service 16.0.6 |
oracle retail xstore point of service 17.0.4 |
oracle retail xstore point of service 18.0.3 |
oracle retail xstore point of service 19.0.2 |
oracle retail xstore point of service 20.0.1 |
oracle sd-wan edge 9.0 |
oracle utilities framework 4.3.0.5.0 |
oracle utilities framework 4.3.0.6.0 |
oracle utilities framework 4.4.0.0.0 |
oracle utilities framework 4.4.0.2.0 |
oracle utilities framework 4.4.0.3.0 |
oracle webcenter portal 12.2.1.3.0 |
oracle webcenter portal 12.2.1.4.0 |
oracle communications messaging server 8.0.2 |
oracle communications messaging server 8.1 |

You didn't have anything else to do this Tuesday, right?
VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment. First off, a pair of issues from Atlassian. Most serious is CVE-2023-22527, a template injection flaw that can allow unauthenticated remote code execution (RCE) attacks. It scored a perfect CVSS rating of 10 out of 10 and affects Confluence Data Center and Server 8 versions released before December 5, 2023 and 8.4.5, wh...