Oracle Fusion Middleware vulnerabilities

310 known vulnerabilities affecting oracle/fusion_middleware.

Total CVEs

310

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL7HIGH29MEDIUM207LOW67

Vulnerabilities

Page 6 of 16

CVE-2014-6499MEDIUMCVSS 6.8v10.0.2v10.3.6+3 more2014-10-15

CVE-2014-6499 [MEDIUM] CVE-2014-6499: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to WebLogic Tuxedo Connector.

nvd

CVE-2014-6552MEDIUMCVSS 4.3v11.1.1.5.0v11.1.1.7.0+2 more2014-10-15

CVE-2014-6552 [MEDIUM] CVE-2014-6552: Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1. Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console.

nvd

CVE-2014-6522MEDIUMCVSS 4.3v11.1.1.7.0v11.1.2.4.0+2 more2014-10-15

CVE-2014-6522 [MEDIUM] CVE-2014-6522: Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7, 1 Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.4, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via vectors related to ADF Faces.

nvd

CVE-2014-6487LOWCVSS 3.5v11.1.1.5.0v11.1.1.7.0+2 more2014-10-15

CVE-2014-6487 [LOW] CVE-2014-6487: Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1. Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service.

nvd

CVE-2014-4257HIGHCVSS 7.1v11.1.1.7.0v11.1.1.8.02014-07-17

CVE-2014-4257 [HIGH] CVE-2014-4257: Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1. Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Portlet Services.

nvd

CVE-2014-4211MEDIUMCVSS 5.0v11.1.1.7.0v11.1.1.8.02014-07-17

CVE-2014-4211 [MEDIUM] CVE-2014-4211: Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1. Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect integrity via unknown vectors related to Portlet Services.

nvd

CVE-2014-4253MEDIUMCVSS 5.0v10.0.2v10.3.6+2 more2014-07-17

CVE-2014-4253 [MEDIUM] CVE-2014-4253: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WebLogic Server JVM.

nvd

CVE-2014-2481MEDIUMCVSS 6.8v10.0.2v10.3.6+2 more2014-07-17

CVE-2014-2481 [MEDIUM] CVE-2014-2481: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2480.

nvd

CVE-2014-4256MEDIUMCVSS 5.8v10.0.2v10.3.6+2 more2014-07-17

CVE-2014-4256 [MEDIUM] CVE-2014-4256: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to WLS - Deployment.

nvd

CVE-2014-2493MEDIUMCVSS 6.4v11.1.1.7.0v11.1.2.4.0+1 more2014-07-17

CVE-2014-2493 [MEDIUM] CVE-2014-2493: Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, and 12.1.2.0.0 allows remote attackers to affect confidentiality and availability via vectors related to ADF Faces.

nvd

CVE-2014-4212MEDIUMCVSS 4.3v11.1.1.7.02014-07-17

CVE-2014-4212 [MEDIUM] CVE-2014-4212: Unspecified vulnerability in the Oracle Fusion Middleware component in Oracle Fusion Middleware 11.1 Unspecified vulnerability in the Oracle Fusion Middleware component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Process Mgmt and Notification.

nvd

CVE-2014-4242MEDIUMCVSS 4.3v10.0.2v10.3.6+2 more2014-07-17

CVE-2014-4242 [MEDIUM] CVE-2014-4242: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.

nvd

CVE-2014-4210MEDIUMCVSS 5.0PoCv10.0.2v10.3.62014-07-17

CVE-2014-4210 [MEDIUM] CVE-2014-4210: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.

nvd

CVE-2014-4249MEDIUMCVSS 5.0v11.1.1.7.02014-07-17

CVE-2014-4249 [MEDIUM] CVE-2014-4249: Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Mobile Service.

nvd

CVE-2014-4201MEDIUMCVSS 5.0v10.3.6v12.1.1+1 more2014-07-17

CVE-2014-4201 [MEDIUM] CVE-2014-4201: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WLS - Web Services.

nvd

CVE-2014-4217MEDIUMCVSS 4.3v10.0.2v10.3.6+1 more2014-07-17

CVE-2014-4217 [MEDIUM] CVE-2014-4217: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, and 12.1.1.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.

nvd

CVE-2014-2479MEDIUMCVSS 6.8v10.0.2v10.3.6+2 more2014-07-17

CVE-2014-2479 [MEDIUM] CVE-2014-2479: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services.

nvd

CVE-2014-4254MEDIUMCVSS 6.8v10.3.6v12.1.1+1 more2014-07-17

CVE-2014-4254 [MEDIUM] CVE-2014-4254: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services.

nvd

CVE-2014-4255MEDIUMCVSS 6.8v10.3.6v12.1.1+1 more2014-07-17

CVE-2014-4255 [MEDIUM] CVE-2014-4255: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Security and Policy.

nvd

CVE-2014-4241MEDIUMCVSS 4.3v10.0.2v10.3.62014-07-17

CVE-2014-4241 [MEDIUM] CVE-2014-4241: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.

nvd

← Previous6 / 16Next →