A flaw was found in FasterXML Jackson Databind: entity expansion was not properly secured, which leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Vulnerable Product |
---|
fasterxml jackson-databind |
netapp oncommand workflow automation - |
netapp service level manager - |
netapp oncommand api services - |
fedoraproject fedora 32 |
quarkus quarkus |
apache iotdb |
oracle webcenter portal 12.2.1.3.0 |
oracle banking platform 2.6.2 |
oracle utilities framework 4.3.0.5.0 |
oracle utilities framework 4.3.0.6.0 |
oracle utilities framework 4.4.0.0.0 |
oracle agile plm 9.3.6 |
oracle coherence 12.2.1.4.0 |
oracle webcenter portal 12.2.1.4.0 |
oracle sd-wan edge 9.0 |
oracle coherence 14.1.1.0.0 |
oracle utilities framework 4.4.0.2.0 |
oracle communications billing and revenue management 12.0.0.3.0 |
oracle communications billing and revenue management 7.5.0.23.0 |
oracle communications services gatekeeper 7.0 |
oracle banking platform 2.7.0 |
oracle banking platform 2.7.1 |
oracle banking platform 2.9.0 |
oracle communications evolved communications application server 7.1 |
oracle goldengate application adapters 19.1.0.0.0 |
oracle retail service backbone 16.0.3 |
oracle banking platform 2.8.0 |
oracle primavera gateway |
oracle insurance rules palette 11.0.2 |
oracle communications interactive session recorder 6.3 |
oracle communications interactive session recorder 6.4 |
oracle communications messaging server 8.1 |
oracle communications messaging server 8.0.2 |
oracle commerce platform |
oracle commerce platform 11.2.0 |
oracle communications unified inventory management 7.4.1 |
oracle retail xstore point of service 16.0.6 |
oracle retail xstore point of service 17.0.4 |
oracle retail xstore point of service 18.0.3 |
oracle retail xstore point of service 19.0.2 |
oracle retail xstore point of service 20.0.1 |
oracle health sciences empirica signal 9.0 |
oracle banking platform 2.10.0 |
oracle retail service backbone 15.0.3.1 |
oracle retail service backbone 14.1.3.2 |
oracle jd edwards enterpriseone tools |
oracle jd edwards enterpriseone orchestrator |
oracle insurance rules palette |
oracle insurance policy administration |
oracle insurance policy administration 11.0.2 |
oracle banking treasury management 4.4 |
oracle primavera gateway 20.12.0 |
oracle communications cloud native core unified data repository 1.4.0 |
oracle communications network charging and control 12.0.4.0.0 |
oracle communications convergent charging controller 12.0.4.0.0 |
oracle utilities framework 4.4.0.3.0 |
oracle health sciences empirica signal 9.1 |
oracle agile product lifecycle management integration pack 3.6 |
oracle communications pricing design center 12.0.0.4.0 |
oracle banking apis |
oracle banking apis 19.1 |
oracle banking apis 19.2 |
oracle banking apis 20.1 |
oracle banking apis 21.1 |
oracle communications instant messaging server 10.0.1.5.0 |
oracle communications offline mediation controller 12.0.0.3 |
oracle blockchain platform |

You didn't have anything else to do this Tuesday, right?
VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment. First off, a pair of issues from Atlassian. Most serious is CVE-2023-22527, a template injection flaw that can allow unauthenticated remote code execution (RCE) attacks. It scored a perfect CVSS rating of 10 out of 10 and affects Confluence Data Center and Server 8 versions released before December 5, 2023 and 8.4.5, wh...