Oracle Micros Relate Crm Software vulnerabilities

4 known vulnerabilities affecting oracle/micros_relate_crm_software.

Total CVEs

4

CISA KEV

1

actively exploited

Public exploits

1

Exploited in wild

1

Severity breakdown

CRITICAL1HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2019-17563HIGHCVSS 7.5v11.42019-12-23

CVE-2019-17563 [HIGH] CWE-384 CVE-2019-17563: When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7 When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

CVE-2018-1304MEDIUMCVSS 5.9v11.42018-02-28

CVE-2018-1304 [MEDIUM] CVE-2018-1304: The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly ha The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access

CVE-2018-1305MEDIUMCVSS 6.5v11.42018-02-23

CVE-2018-1305 [MEDIUM] CVE-2018-1305: Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were lo

CVE-2016-8735CRITICALCVSS 9.8KEVPoCv10.8v11.42017-04-06

CVE-2016-8735 [CRITICAL] CVE-2016-8735: Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8. Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential ty