Oracle Storagetek Tape Analytics Sw Tool vulnerabilities
11 known vulnerabilities affecting oracle/storagetek_tape_analytics_sw_tool.
Total CVEs
11
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
5
Severity breakdown
CRITICAL4MEDIUM6LOW1
Vulnerabilities
Page 1 of 1
CVE-2020-5421MEDIUMCVSS 6.5v2.32020-09-19
CVE-2020-5421 [MEDIUM] CVE-2020-5421: In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and olde
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
nvd
CVE-2020-10683CRITICALCVSS 9.8v2.32020-05-01
CVE-2020-10683 [CRITICAL] CWE-611 CVE-2020-10683: dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, whi
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
nvd
CVE-2020-11023MEDIUMCVSS 6.1KEVPoCv2.3.12020-04-29
CVE-2020-11023 [MEDIUM] CWE-79 CVE-2020-11023: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option>
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
nvd
CVE-2020-9488LOWCVSS 3.7v2.3.12020-04-27
CVE-2020-9488 [LOW] CWE-295 CVE-2020-9488: Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allo
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
nvd
CVE-2019-3738MEDIUMCVSS 6.5v2.32019-09-18
CVE-2019-3738 [MEDIUM] CWE-325 CVE-2019-3738: RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step v
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
nvd
CVE-2019-3740MEDIUMCVSS 6.5v2.32019-09-18
CVE-2019-3740 [MEDIUM] CWE-310 CVE-2019-3740: RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
nvd
CVE-2019-3739MEDIUMCVSS 6.5v2.32019-09-18
CVE-2019-3739 [MEDIUM] CWE-310 CVE-2019-3739: RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Dis
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
nvd
CVE-2019-2729CRITICALCVSS 9.8ExploitedPoCv2.32019-06-19
CVE-2019-2729 [CRITICAL] CWE-284 CVE-2019-2729: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this
nvd
CVE-2019-2725CRITICALCVSS 9.8KEVPoCv2.32019-04-26
CVE-2019-2725 [CRITICAL] CWE-74 CVE-2019-2725: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability
nvd
CVE-2019-11358MEDIUMCVSS 6.1ExploitedPoCv2.3.02019-04-20
CVE-2019-11358 [MEDIUM] CWE-1321 CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(t
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
nvd
CVE-2015-4852CRITICALCVSS 9.8KEVPoCv2.32015-11-18
CVE-2015-4852 [CRITICAL] CWE-502 CVE-2015-4852: The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allo
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the
nvd