Oracle Enterprise Manager Base Platform vulnerabilities

120 known vulnerabilities affecting oracle/enterprise_manager_base_platform.

Total CVEs: 120
CISA KEV: 1 (actively exploited)
Public exploits: 6
Exploited in wild: 1
Severity breakdown: CRITICAL 14, HIGH 47, MEDIUM 59

Vulnerabilities

Page 3 of 6
CVE-2020-10969 | HIGH | CVSS 8.8 | v13.3.0.0, v13.4.0.0 | 2020-03-26
CWE-502: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
nvd
CVE-2020-10968 | HIGH | CVSS 8.8 | v13.3.0.0, v13.4.0.0 | 2020-03-26
CWE-502: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
nvd
CVE-2020-10673 | HIGH | CVSS 8.8 | v13.3.0.0, v13.4.0.0 | 2020-03-18
CWE-502: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
nvd
CVE-2020-10672 | HIGH | CVSS 8.8 | v13.3.0.0, v13.4.0.0 | 2020-03-18
CWE-502: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
nvd
CVE-2020-9546 | CRITICAL | CVSS 9.8 | v13.3.0.0, v13.4.0.0 | 2020-03-02
CWE-502: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
nvd
CVE-2020-9548 | CRITICAL | CVSS 9.8 | PoC | v13.3.0.0, v13.4.0.0 | 2020-03-02
CWE-502: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
nvd
CVE-2020-9547 | CRITICAL | CVSS 9.8 | PoC | v13.3.0.0, v13.4.0.0 | 2020-03-02
CWE-502: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
nvd
CVE-2019-20388 | HIGH | CVSS 7.5 | v13.4.0.0, v13.5.0.0 | 2020-01-21
CWE-401: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
nvd
CVE-2020-7595 | HIGH | CVSS 7.5 | v13.4.0.0, v13.5.0.0 | 2020-01-21
CWE-835: xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
nvd
CVE-2020-5398 | HIGH | CVSS 7.5 | v13.2.1.0 | 2020-01-17
CWE-79: In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
nvd
CVE-2020-5397 | MEDIUM | CVSS 5.3 | v13.2.1.0 | 2020-01-17
CWE-352: Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail au
nvd
CVE-2020-2631 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successfu
nvd
CVE-2020-2610 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful
nvd
CVE-2020-2644 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful att
nvd
CVE-2020-2620 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful
nvd
CVE-2020-2642 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks o
nvd
CVE-2020-2609 | MEDIUM | CVSS 6.3 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful a
nvd
CVE-2020-2618 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful
nvd
CVE-2020-2645 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks o
nvd
CVE-2020-2630 | MEDIUM | CVSS 6.0 | v12.1.0.5, v13.2.0.0 +1 more | 2020-01-15
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attac
nvd
Oracle Enterprise Manager Base Platform vulnerabilities | cvebase