Oracle Agile Plm vulnerabilities
70 known vulnerabilities affecting oracle/agile_plm.
Total CVEs
70
CISA KEV
4
actively exploited
Public exploits
7
Exploited in wild
4
Severity breakdown
CRITICAL6HIGH41MEDIUM23
Vulnerabilities
Page 4 of 4
CVE-2019-17569MEDIUMCVSS 4.8v9.3.3v9.3.5+1 more2020-02-24
CVE-2019-17569 [MEDIUM] CWE-444 CVE-2019-17569: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 int
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the inval
nvd
CVE-2019-10219MEDIUMCVSS 6.1v9.3.3v9.3.62019-11-08
CVE-2019-10219 [MEDIUM] CWE-79 CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
nvd
CVE-2019-10086HIGHCVSS 7.3v9.3.3v9.3.5+1 more2019-08-20
CVE-2019-10086 [HIGH] CWE-502 CVE-2019-10086: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressi
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
nvd
CVE-2019-2725CRITICALCVSS 9.8KEVPoCv9.3.3v9.3.4+1 more2019-04-26
CVE-2019-2725 [CRITICAL] CWE-74 CVE-2019-2725: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability
nvd
CVE-2018-15756HIGHCVSS 7.5v9.3.3v9.3.4+2 more2018-10-18
CVE-2018-15756 [HIGH] CVE-2018-15756: Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and o
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious u
nvd
CVE-2018-11039MEDIUMCVSS 5.9v9.3.3v9.3.4+2 more2018-06-25
CVE-2018-11039 [MEDIUM] CVE-2018-11039: Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupport
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filt
nvd
CVE-2018-1258HIGHCVSS 8.8v9.3.3v9.3.4+2 more2018-05-11
CVE-2018-1258 [HIGH] CWE-863 CVE-2018-1258: Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contain
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
nvd
CVE-2017-12617HIGHCVSS 8.1KEVPoCv9.3.3v9.3.4+2 more2017-10-04
CVE-2017-12617 [HIGH] CWE-434 CVE-2017-12617: When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code
nvd
CVE-2017-10039MEDIUMCVSS 6.8v9.3.5v9.3.62017-08-08
CVE-2017-10039 [MEDIUM] CVE-2017-10039: Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent:
Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person oth
nvd
CVE-2016-8735CRITICALCVSS 9.8KEVPoCv9.3.5v9.3.62017-04-06
CVE-2016-8735 [CRITICAL] CVE-2016-8735: Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential ty
nvd
← Previous4 / 4