Oracle Enterprise_manager_base_platform
18 CVEs affecting Oracle Enterprise_manager_base_platform. Latest disclosed: 2022-01-18. Critical: 3, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-23305 | Critical | 9.8 | 2022-01-18 | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLay… |
CVE-2020-9546 | Critical | 9.8 | 2020-03-02 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zax… |
CVE-2017-5645 | Critical | 9.8 | 2017-04-17 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially… |
CVE-2022-23307 | High | 8.8 | 2022-01-18 | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x whe… |
CVE-2022-23302 | High | 8.8 | 2022-01-18 | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the… |
CVE-2020-11113 | High | 8.8 | 2020-03-31 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistr… |
CVE-2020-11112 | High | 8.8 | 2020-03-31 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provide… |
CVE-2020-11619 | High | 8.1 | 2020-04-07 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.M… |
CVE-2017-10091 | High | 7.7 | 2017-08-08 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that… |
CVE-2021-4104 | High | 7.5 | 2021-12-14 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can pro… |
CVE-2017-9735 | High | 7.5 | 2017-06-16 | Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elaps… |
CVE-2017-3518 | High | 7.5 | 2017-04-24 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versio… |
CVE-2016-2381 | High | 7.5 | 2016-04-08 | Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. |
CVE-2016-5604 | Medium | 6.3 | 2016-10-25 | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect con… |
CVE-2016-3563 | Medium | 6.3 | 2016-07-21 | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect con… |
CVE-2021-45105 | Medium | 5.9 | 2021-12-18 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This a… |
CVE-2020-1971 | Medium | 5.9 | 2020-12-08 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a fu… |
CVE-2016-3540 | Medium | 4.3 | 2016-07-21 | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attac… |