Latest oracle primavera p6 enterprise project portfolio management Vulnerabilities

CVE-2021-44832
Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appe...
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
Apache Log4j=2.0-beta9
Apache Log4j=2.15.0
Apache Log4j=2.17.0
Apache Log4j=1.2.x
and 58 more
CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-2386
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.0-20.12...
Oracle Primavera P6 Enterprise Project Portfolio Management>=20.12.0<=20.12.3
CVE-2021-2366
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.12.0-17.12...
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.12.0<=17.12.20
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.8.0<=18.8.23
Oracle Primavera P6 Enterprise Project Portfolio Management>=19.12.0<=19.12.14
Oracle Primavera P6 Enterprise Project Portfolio Management>=20.12.0<=20.12.3
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unau...
Oracle Advanced Networking Option=12.1.0.2
Oracle Advanced Networking Option=12.2.0.1
Oracle Advanced Networking Option=19c
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
and 242 more
CVE-2020-5421
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depen...
maven/org.springframework:spring-framework-bom<4.3.29
maven/org.springframework:spring-framework-bom>=5.0.0<=5.0.18
maven/org.springframework:spring-framework-bom>=5.1.0<=5.1.17
maven/org.springframework:spring-framework-bom>=5.2.0<=5.2.8
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
redhat/springframework<5.2.9
and 80 more
CVE-2020-36518
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
debian/jackson-databind<=2.9.8-3+deb10u3
redhat/jackson-databind<0:2.14.1-2.el9
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el8ea
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el8
and 88 more
CVE-2020-14706
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.1.0.0-17.1...
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.1.0.0<=17.12.17.1
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.1.0.0<=18.8.19.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=19.12.0.0<=19.12.5.0
CVE-2020-14653
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.2...
Oracle Primavera P6 Enterprise Project Portfolio Management>=16.1.0.0<=16.2.20.1
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.1.0.0<=17.12.17.1
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.1.0.0<=18.8.18.2
CVE-2020-2706
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). Supported versions that are affected are 16.2.0.0...
Oracle Primavera P6 Enterprise Project Portfolio Management>=16.2.0.0<=16.2.19.3
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.12.0.0<=17.12.17.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.8.0.0<=18.8.18.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=19.12.1.0<=19.12.3.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=20.1.0.0<=20.2.0.0
CVE-2020-2594
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). Supported versions that are affected are 16.2.0.0...
Oracle Primavera P6 Enterprise Project Portfolio Management>=16.2.0.0<=16.2.19.3
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.12.0.0<=17.12.17.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.8.0.0<=18.8.18.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=19.12.1.0<=19.12.3.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=20.1.0.0<=20.2.0.0
CVE-2020-2707
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). Supported versions that are affected are 15.1.0.0-15.2....
Oracle Primavera P6 Enterprise Project Portfolio Management>=15.1.0.0<=15.2.18.7
Oracle Primavera P6 Enterprise Project Portfolio Management>=16.1.0.0<=16.2.19.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.1.0.0<=17.2.16.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.1.0.0<=18.8.16.0
Oracle Primavera P6 Enterprise Project Portfolio Management=19.12.0.0
CVE-2020-2556
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0,...
Oracle Primavera P6 Enterprise Project Portfolio Management>=16.2.0.0<=16.2.19.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.12.0.0<=17.12.16.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.8.0.0<=18.8.16.0
Oracle Primavera P6 Enterprise Project Portfolio Management=19.12.0.0
Oracle Primavera P6 Enterprise Project Portfolio Management=20.1.0.0
CVE-2019-3020
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 15.1.0-15.2.1...
Oracle Primavera P6 Enterprise Project Portfolio Management>=15.1.0<=15.2.18
Oracle Primavera P6 Enterprise Project Portfolio Management>=16.1.0<=16.2.18
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.1.0<=17.12.14
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.1.0<=18.8.11
CVE-2019-2976
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.1.0-17.12....
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.1.0<=17.12.12
CVE-2019-17091
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window...
Eclipse Mojarra>=2.3.0<2.3.10
Oracle Mojarra Javaserver Faces>=2.2.0<2.2.20
Oracle Application Testing Suite=13.2.0.1
Oracle Application Testing Suite=13.3.0.1
Oracle Banking Enterprise Product Manufacturing=2.7.0
Oracle Banking Enterprise Product Manufacturing=2.8.0
and 34 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
CVE-2019-2701
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). The supported version that is affected is 1...
Oracle Primavera P6 Enterprise Project Portfolio Management=18.8
CVE-2020-10683
dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remot...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 204 more
CVE-2019-2512
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8....
Oracle Primavera P6 Enterprise Project Portfolio Management=8.4
Oracle Primavera P6 Enterprise Project Portfolio Management=15.1
Oracle Primavera P6 Enterprise Project Portfolio Management=15.2
Oracle Primavera P6 Enterprise Project Portfolio Management=16.1
Oracle Primavera P6 Enterprise Project Portfolio Management=16.2
Oracle Primavera P6 Enterprise Project Portfolio Management=17.7
and 2 more
CVE-2018-19360
An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.
FasterXML jackson-databind>=2.6.0<=2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
FasterXML jackson-databind>=2.8.0<2.8.11.3
FasterXML jackson-databind>=2.9.0<2.9.8
Debian Debian Linux=8.0
Oracle Business Process Management Suite=12.1.3.0.0
and 20 more
CVE-2018-19362
An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.
debian/jackson-databind
IBM GDE<=3.0.0.2
FasterXML jackson-databind>=2.6.0<=2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
FasterXML jackson-databind>=2.8.0<2.8.11.3
FasterXML jackson-databind>=2.9.0<2.9.8
and 27 more
CVE-2018-19361
An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.
FasterXML jackson-databind>=2.6.0<=2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
FasterXML jackson-databind>=2.8.0<2.8.11.3
FasterXML jackson-databind>=2.9.0<2.9.8
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 24 more
CVE-2018-14718
FasterXML jackson-databind 2.x before 2.9.7, 2.8.11.3, 2.7.9.5, and 2.6.7.3 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic d...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.3
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<=2.7.9.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.8.0<=2.8.11.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<2.9.7
IBM GDE<=3.0.0.2
FasterXML jackson-databind>=2.0.0<2.6.7.3
and 58 more
CVE-2018-14719
FasterXML jackson-databind 2.x before 2.9.7, 2.8.11.3, and 2.7.9.5 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.7.9.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.8.0<=2.8.11.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<2.9.7
redhat/jackson-databind<2.9.7
redhat/jackson-databind<2.7.9.5
redhat/jackson-databind<2.8.11.3
and 57 more
CVE-2018-5407
A flaw was found in microprocessor execution engine sharing on SMT (e.g. Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process...
IBM Security Verify Governance<=10.0
ubuntu/openssl<1.1.0
ubuntu/openssl<1.0.1
ubuntu/openssl<1.1.0<1.1.1
ubuntu/openssl<1.0.2
ubuntu/openssl1.0<1.0.2
and 45 more
CVE-2018-0735
A flaw was found in OpenSSL versions from 1.1.0 through 1.1.0i inclusive and version 1.1.1. The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An at...
redhat/openssl<1:1.0.2k-16.el7_6.1
redhat/openssl<1:1.1.1c-2.el8
ubuntu/openssl<1.1.0
ubuntu/openssl<1.1.1-1ubuntu2.1
ubuntu/openssl<1.1.1
ubuntu/openssl<1.1.1
and 55 more
CVE-2018-3281
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8....
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.7<=17.12
Oracle Primavera P6 Enterprise Project Portfolio Management=8.4
Oracle Primavera P6 Enterprise Project Portfolio Management=15.1
Oracle Primavera P6 Enterprise Project Portfolio Management=15.2
Oracle Primavera P6 Enterprise Project Portfolio Management=16.1
Oracle Primavera P6 Enterprise Project Portfolio Management=16.2
and 1 more
CVE-2018-3241
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8....
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.7<=17.12
Oracle Primavera P6 Enterprise Project Portfolio Management=8.4
Oracle Primavera P6 Enterprise Project Portfolio Management=15.1
Oracle Primavera P6 Enterprise Project Portfolio Management=15.2
Oracle Primavera P6 Enterprise Project Portfolio Management=16.1
Oracle Primavera P6 Enterprise Project Portfolio Management=16.2
and 1 more
CVE-2018-1000632
dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a specially-crafted XML content, an attacker could expl...
redhat/dom4j<2.0.3
redhat/dom4j<2.1.1
Dom4j Project Dom4j>=2.0.0<2.0.3
Dom4j Project Dom4j>=2.1.0<2.1.1
Debian Debian Linux=8.0
Oracle FLEXCUBE Investor Servicing=12.0.4
and 31 more
CVE-2018-1288
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request int...
redhat/kafka<0.10.2.2
redhat/kafka<0.11.0.3
redhat/kafka<1.0.1
redhat/kafka<1.1.0
Apache Kafka>0.9.0.0<=0.9.0.1
Apache Kafka>=0.10.0.0<=0.10.2.1
and 10 more
CVE-2018-2962
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8....
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.1<=17.12
Oracle Primavera P6 Enterprise Project Portfolio Management=8.4
Oracle Primavera P6 Enterprise Project Portfolio Management=15.1
Oracle Primavera P6 Enterprise Project Portfolio Management=15.2
Oracle Primavera P6 Enterprise Project Portfolio Management=16.1
Oracle Primavera P6 Enterprise Project Portfolio Management=16.2
CVE-2018-2961
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.1<=17.12
Oracle Primavera P6 Enterprise Project Portfolio Management=8.4
Oracle Primavera P6 Enterprise Project Portfolio Management=15.1
Oracle Primavera P6 Enterprise Project Portfolio Management=15.2
Oracle Primavera P6 Enterprise Project Portfolio Management=16.1
Oracle Primavera P6 Enterprise Project Portfolio Management=16.2
CVE-2018-2960
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8....
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.1<=17.12
Oracle Primavera P6 Enterprise Project Portfolio Management=8.4
Oracle Primavera P6 Enterprise Project Portfolio Management=15.1
Oracle Primavera P6 Enterprise Project Portfolio Management=15.2
Oracle Primavera P6 Enterprise Project Portfolio Management=16.1
Oracle Primavera P6 Enterprise Project Portfolio Management=16.2
CVE-2018-11039
Pivotal Spring Framework is vulnerable to cross-site tracing, caused by a flaw in the HiddenHttpMethodFilter in Spring MVC. By persuading a victim to visit a specially-crafted Web site, an attacker co...
IBM GDE<=3.0.0.2
maven/org.springframework:spring-web>=4.3.0<4.3.18
maven/org.springframework:spring-web>=5.0.0<5.0.7
VMware Spring Framework<4.3.18
VMware Spring Framework>=5.0.0<5.0.7
Oracle Agile PLM=9.3.3
and 61 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203