Oracle Global Lifecycle Management Nextgen Oui Framework vulnerabilities
6 known vulnerabilities affecting oracle/global_lifecycle_management_nextgen_oui_framework.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-21894HIGHCVSS 7.3fixed in 13.9.4.2.112023-01-18
CVE-2023-21894 [HIGH] CWE-284 CVE-2023-21894: Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusi
Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management
nvd
CVE-2020-36518HIGHCVSS 7.5fixed in 13.9.4.2.2v13.9.4.2.22022-03-11
CVE-2020-36518 [HIGH] CWE-787 CVE-2020-36518: jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a lar
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
nvd
CVE-2022-23437MEDIUMCVSS 6.5fixed in 13.9.4.2.2v13.9.4.2.22022-01-24
CVE-2022-23437 [MEDIUM] CWE-835 CVE-2022-23437: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially c
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
nvd
CVE-2019-17531CRITICALCVSS 9.8v12.2.1.3.0v12.2.1.4.0+1 more2019-10-12
CVE-2019-17531 [CRITICAL] CWE-502 CVE-2019-17531: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When D
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it i
nvd
CVE-2019-16942CRITICALCVSS 9.8v12.2.1.3.0v12.2.1.4.0+1 more2019-10-01
CVE-2019-16942 [CRITICAL] CWE-502 CVE-2019-16942: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When D
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible
nvd
CVE-2019-16943CRITICALCVSS 9.8v12.2.1.3.0v12.2.1.4.0+1 more2019-10-01
CVE-2019-16943 [CRITICAL] CWE-502 CVE-2019-16943: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When D
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to m
nvd