Oracle Business Process Management Suite vulnerabilities

CVE-2022-23305 [CRITICAL] CWE-89 CVE-2022-23305: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter whe By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that ar

CVE-2022-23302 [HIGH] CVE-2022-23302: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the att JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in r

CVE-2022-23307 [HIGH] CVE-2022-23307: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chain CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

CVE-2021-4104 [HIGH] CWE-502 CVE-2021-4104: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has wr JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228.

CVE-2021-37714 [HIGH] CWE-248 CVE-2021-37714: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse u jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw a

CVE-2021-35515 [HIGH] CWE-834 CVE-2021-35515: When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVE-2021-36090 [HIGH] CWE-130 CVE-2021-36090: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memo When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

CVE-2021-35517 [HIGH] CWE-130 CVE-2021-35517: When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memo When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

CVE-2021-35516 [HIGH] CWE-130 CVE-2021-35516: When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memor When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVE-2020-17521 [MEDIUM] CVE-2020-17521: Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this f Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected,

CVE-2020-1945 [MEDIUM] CWE-668 CVE-2020-1945: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source file

CVE-2020-10683 [CRITICAL] CWE-611 CVE-2020-10683: dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, whi dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

CVE-2020-1950 [MEDIUM] CWE-400 CVE-2020-1950: A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

CVE-2020-1951 [MEDIUM] CWE-835 CVE-2020-1951: A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in ver A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

CVE-2019-10219 [MEDIUM] CWE-79 CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

CVE-2019-2904 [CRITICAL] CVE-2019-2904: Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF F Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerabil

CVE-2019-17359 [HIGH] CWE-770 CVE-2019-17359: The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory all The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

CVE-2019-2706 [HIGH] CVE-2019-2706: Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: BPM Foundation Services). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks

CVE-2019-11358 [MEDIUM] CWE-1321 CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(t jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVE-2018-14718 [CRITICAL] CWE-502 CVE-2018-14718: FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code b FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.