Oracle Transportation Management
27 CVEs affecting Oracle Transportation Management. Latest disclosed: 2022-10-18. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-1938 | Critical | 9.8 | 2020-02-24 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having hig… |
| CVE-2016-8735 | Critical | 9.8 | 2017-04-06 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRe… |
| CVE-2017-12617 | High | 8.1 | 2017-10-04 | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the re… |
| CVE-2019-17563 | High | 7.5 | 2019-12-23 | When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could per… |
| CVE-2016-3470 | High | 7.1 | 2016-07-21 | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to af… |
| CVE-2020-9484 | High | 7.0 | 2020-05-20 | When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the con… |
| CVE-2019-2487 | Medium | 6.5 | 2019-01-16 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: UI Infrastructure). Supported versions tha… |
| CVE-2018-2823 | Medium | 6.5 | 2018-04-19 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Database). The supported version that is a… |
| CVE-2022-21480 | Medium | 6.1 | 2022-04-19 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: User Interface). Supported versions that are affected are 6.4… |
| CVE-2019-2709 | Medium | 6.1 | 2019-04-23 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are aff… |
| CVE-2019-11358 | Medium | 6.1 | 2019-04-20 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an… |
| CVE-2017-3530 | Medium | 6.1 | 2017-04-24 | Vulnerability in the Oracle Transportation Manager component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affect… |
| CVE-2022-39420 | Medium | 5.4 | 2022-10-18 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Functional Security). Supported versions that are affect… |
| CVE-2022-21591 | Medium | 5.4 | 2022-10-18 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI Infrastructure). Supported versions that are affected are 6… |
| CVE-2021-35616 | Medium | 5.4 | 2021-10-20 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI Infrastructure). The supported version that is affected is… |
| CVE-2020-2744 | Medium | 5.4 | 2020-04-15 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 6.3.7, 6.4… |
| CVE-2018-2662 | Medium | 5.4 | 2018-01-18 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are aff… |
| CVE-2017-10032 | Medium | 5.4 | 2017-08-08 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Access Control List). Supported versions t… |
| CVE-2021-2476 | Medium | 5.3 | 2021-10-20 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Authentication). The supported version that is affected is 6.4… |
| CVE-2015-3195 | Medium | 5.3 | 2015-12-06 | The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mis… |