Oracle Webcenter_portal
90 CVEs affecting Oracle Webcenter_portal. Latest disclosed: 2024-04-16. Critical: 17, High: 48.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-14721 | Critical | 10.0 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block t… |
CVE-2020-10683 | Critical | 9.8 | 2020-05-01 | dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular exte… |
CVE-2020-2555 | Critical | 9.8 | 2020-01-15 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are… |
CVE-2019-20330 | Critical | 9.8 | 2020-01-03 | FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. |
CVE-2019-17531 | Critical | 9.8 | 2019-10-12 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific… |
CVE-2019-16943 | Critical | 9.8 | 2019-10-01 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific… |
CVE-2019-16942 | Critical | 9.8 | 2019-10-01 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific… |
CVE-2019-10173 | Critical | 9.8 | 2019-07-23 | It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been… |
CVE-2018-19362 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from po… |
CVE-2018-19361 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic… |
CVE-2018-19360 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from… |
CVE-2018-14720 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK c… |
CVE-2018-14719 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds… |
CVE-2018-14718 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from poly… |
CVE-2018-1000613 | Critical | 9.8 | 2018-07-09 | Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controll… |
CVE-2017-7525 | Critical | 9.8 | 2018-02-06 | A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform… |
CVE-2017-15095 | Critical | 9.8 | 2018-02-06 | A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code ex… |
CVE-2020-11113 | High | 8.8 | 2020-03-31 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistr… |
CVE-2020-14611 | High | 8.6 | 2020-07-15 | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Supported versions that are affected are 12.2.1.3.0 and… |
CVE-2021-39152 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data fro… |