Latest oracle autovue for agile product lifecycle management Vulnerabilities

CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security co...
redhat/jetty<9.4.43
redhat/jetty<10.0.6
redhat/jetty<11.0.6
Eclipse Jetty>=9.4.37<9.4.43
Eclipse Jetty>=10.0.1<10.0.6
Eclipse Jetty>=11.0.1<11.0.6
and 19 more
CVE-2021-34428
Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() me...
redhat/jenkins<0:2.289.3.1630554997-1.el8
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.4.41
redhat/jetty<10.0.3
redhat/jetty<11.0.3
and 19 more
CVE-2021-28165
### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU re...
maven/org.eclipse.jetty:jetty-server>=11.0.0<11.0.2
maven/org.eclipse.jetty:jetty-server>=10.0.0<10.0.2
maven/org.eclipse.jetty:jetty-server>=7.2.2<9.4.39
redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9
redhat/jenkins<0:2.277.3.1620393611-1.el8
redhat/runc<0:1.0.0-95.rhaos4.8.gitcd80260.el8
and 29 more
CVE-2021-28164
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that co...
redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9
redhat/jetty<9.4.39
Eclipse Jetty=9.4.37-20210219
Eclipse Jetty=9.4.38-20210224
NetApp Cloud Manager
Netapp E-series Performance Analyzer
and 16 more
CVE-2021-28163
Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sen...
redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9
redhat/jenkins<0:2.277.3.1620393611-1.el8
redhat/runc<0:1.0.0-95.rhaos4.8.gitcd80260.el8
redhat/jetty<9.4.39
redhat/jetty<10.0.2
redhat/jetty<11.0.2
and 33 more
CVE-2020-36180
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 72 more
CVE-2020-36183
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.00<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0.<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
CVE-2020-36182
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
CVE-2020-36179
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 65 more
CVE-2020-36181
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
CVE-2020-36184
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
CVE-2020-36188
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 73 more
CVE-2020-36189
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 65 more
CVE-2020-36186
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-36187
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-36185
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-35491
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
IBM Security Verify Governance<=10.0
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 35 more
CVE-2020-35490
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
IBM Security Verify Governance<=10.0
redhat/jackson-databind<2.9.10.8
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.7
FasterXML jackson-databind>=2.0.0<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
and 35 more
CVE-2020-24750
FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.Jn...
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.6
Oracle Agile PLM=9.3.6
Oracle Application Testing Suite=13.3.0.1
Oracle Autovue For Agile Product Lifecycle Management=21.0.2
Oracle Banking Corporate Lending Process Management=14.2.0
and 36 more
CVE-2020-24616
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.5
IBM ISAM<=9.0.7
IBM Security Verify Access<=10.0.0
FasterXML jackson-databind>=2.0.0<2.9.10.6
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
and 30 more
CVE-2020-14061
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 311 more
CVE-2020-11113
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data co...
redhat/qpid-cpp<0:1.36.0-31.el6_10a
redhat/qpid-proton<0:0.32.0-1.el6_10
redhat/qpid-cpp<0:1.36.0-31.el7a
redhat/qpid-proton<0:0.32.0-2.el7
redhat/nodejs-rhea<0:1.0.24-1.el8
redhat/qpid-proton<0:0.32.0-2.el8
and 59 more
CVE-2020-11112
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.commons.proxy.provider.remoting.RmiProvider (aka apa...
redhat/Jackson-databind<2.9.10.4
redhat/rh-maven35-jackson-databind<0:2.7.6-2.9.el7
IBM Data Risk Manager<=2.0.6
FasterXML jackson-databind>=2.9.0<2.9.10.4
Debian Debian Linux=8.0
Netapp Steelstore Cloud Integrated Storage
and 51 more
CVE-2020-11111
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.activemq.* (aka activemq-jms, activemq-core, activem...
redhat/Jackson-databind<2.9.10.4
redhat/rh-maven35-jackson-databind<0:2.7.6-2.9.el7
IBM Data Risk Manager<=2.0.6
FasterXML jackson-databind>=2.9.0<2.9.10.4
Debian Debian Linux=8.0
Netapp Steelstore Cloud Integrated Storage
and 39 more
CVE-2020-10968
A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 345 more
CVE-2020-10673
FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.4
redhat/Jackson-databind<2.9.10.4
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
and 161 more
CVE-2020-10672
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 159 more
CVE-2020-10969
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in javax.swing.JEditorPane. By sending specially-crafted input, an...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 345 more
CVE-2020-9548
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data conf...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 566 more
CVE-2020-9546
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 576 more
CVE-2020-9547
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data conf...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.7.9.7
maven/com.fasterxml.jackson.core:jackson-databind>=2.8.0<2.8.11.6
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<2.9.10.4
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
and 551 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203