Oracle Knowledge vulnerabilities

12 known vulnerabilities affecting oracle/knowledge.

Total CVEs: 12
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 9

Vulnerabilities

CVE-2020-2931 | CRITICAL | CVSS 9.8 | ≥ 8.6.0, ≤ 8.6.3 | 2020-04-15
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Or
nvd
CVE-2020-2791 | CRITICAL | CVSS 9.8 | ≥ 8.6.0, ≤ 8.6.2 | 2020-04-15
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Orac
nvd
CVE-2020-2553 | MEDIUM | CVSS 4.8 | ≥ 8.6.0, ≤ 8.6.3 | 2020-04-15
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized upd
nvd
CVE-2020-2522 | MEDIUM | CVSS 4.3 | v8.6.0, v8.6.1 | 2020-04-15
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the
nvd
CVE-2020-2524 | MEDIUM | CVSS 5.9 | ≥ 8.6.0, ≤ 8.6.3 | 2020-04-15
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause
nvd
CVE-2020-2795 | MEDIUM | CVSS 6.3 | ≥ 8.6.0, ≤ 8.6.2 | 2020-04-15
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Knowledge executes to compromise Oracle Knowledge. Successful attacks require human in
nvd
CVE-2020-2932 | MEDIUM | CVSS 5.9 | ≥ 8.6.0, ≤ 8.6.3 | 2020-04-15
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized abi
nvd
CVE-2019-0227 | HIGH | CVSS 7.5 | PoC | ≥ 8.6.0, ≤ 8.6.3 | 2019-05-01
CWE-918: A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to t
nvd
CVE-2019-11358 | MEDIUM | CVSS 6.1 | Exploited | PoC | ≥ 8.6.0, ≤ 8.6.3 | 2019-04-20
CWE-1321: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
nvd
CVE-2018-8032 | MEDIUM | CVSS 6.1 | ≥ 8.6.0, ≤ 8.6.3 | 2018-08-02
CWE-79: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
nvd
CVE-2016-3475 | MEDIUM | CVSS 4.3 | v8.5 | 2016-07-21
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console.
nvd
CVE-2016-3476 | MEDIUM | CVSS 6.5 | v8.5 | 2016-07-21
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console.
nvd