Oracle Enterprise Manager vulnerabilities
33 known vulnerabilities affecting oracle/enterprise_manager.
Total CVEs: 33
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 9, MEDIUM 16, LOW 2
Vulnerabilities
Page 1 of 2
CVE-2024-20916 | HIGH | CVSS 8.3 | CWE-284 | v13.5.0.0 | 2024-01-16
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Enterprise Mana
nvd
CVE-2021-2008 | HIGH | CVSS 7.3 | v11.1.1.9, v12.2.1.3 | 2021-04-22
Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). Supported versions that are affected are 11.1.1.9 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attac
nvd
CVE-2021-2134 | MEDIUM | CVSS 6.5 | v12.2.1.4 | 2021-04-22
Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this v
nvd
CVE-2020-2640 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful
nvd
CVE-2020-2638 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database.
nvd
CVE-2020-2641 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successf
nvd
CVE-2020-2637 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. S
nvd
CVE-2019-2895 | HIGH | CVSS 7.5 | v12.1.0.5.0, v13.2.2.0.0 +2 more | 2019-10-16
Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and Ins). Supported versions that are affected are 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0 and 13.3.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Exada
nvd
CVE-2018-11040 | HIGH | CVSS 7.5 | CWE-829 | v13.2 | 2018-06-25
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framewor
nvd
CVE-2013-3758 | MEDIUM | CVSS 4.3 | v10.2.0.5, v11.1.0.1 | 2013-07-17
Unspecified vulnerability in the Enterprise Manager (EM) Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to Schema Management.
nvd
CVE-2013-3791 | MEDIUM | CVSS 4.3 | v10.2.0.5 | 2013-07-17
Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.
nvd
CVE-2009-1967 | MEDIUM | CVSS 5.5 | v10.2.0.4 | 2009-07-14
Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1966.
nvd
CVE-2009-1966 | MEDIUM | CVSS 5.5 | v10.2.0.4 | 2009-07-14
Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1967.
nvd
CVE-2008-2603 | LOW | CVSS 3.5 | v10.1.0.5, v10.2.0.4 +1 more | 2008-07-15
Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cr
nvd
CVE-2007-5531 | CRITICAL | CVSS 10.0 | v10.1.0.6 | 2007-10-17
Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.
nvd
CVE-2007-2129 | CRITICAL | CVSS 10.0 | v9.2.0.8 | 2007-04-18
Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01.
nvd
CVE-2007-0292 | HIGH | CVSS 7.5 | v10.1.0.5 | 2007-01-17
Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE-2007-0222.
nvd
CVE-2007-0293 | MEDIUM | CVSS 6.4 | v10.1.0.5, v10.2.0.1 | 2007-01-17
Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.
nvd
CVE-2007-0294 | LOW | CVSS 1.7 | v10.2.0.1 | 2007-01-17
Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.
nvd
CVE-2006-3721 | CRITICAL | CVSS 10.0 | v10.1.0.5, v10.2.0.1 | 2006-07-21
Multiple unspecified vulnerabilities in Oracle Management Service for Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors, aka Oracle Vuln# EM03 and EM04.
nvd