Latest oracle business process management suite Vulnerabilities

CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 194 more
CVE-2022-23307
A deserialization flaw was found in Apache log4j 1.2.x. While reading serialized log events, they are improperly deserialized. Note this is the same as <a href="https://access.redhat.com/security/cve...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 193 more
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 196 more
CVE-2021-4104
Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
redhat/log4j<0:1.2.14-6.5.el6_10
redhat/log4j<0:1.2.17-17.el7_4
redhat/log4j<0:1.2.17-16.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 219 more
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, ...
redhat/eap7-apache-cxf<0:3.3.12-1.redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.5.3-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-3.redhat_00007.1.el6ea
redhat/eap7-jboss-ejb-client<0:4.0.43-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration<0:1.7.2-10.Final_redhat_00011.1.el6ea
redhat/eap7-jsoup<0:1.14.2-1.redhat_00002.1.el6ea
and 55 more
CVE-2021-35517
A flaw was found in apache-commons-compress. When reading a specially crafted TAR archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This fla...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.1<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 50 more
CVE-2021-36090
A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This fla...
redhat/apache-commons-compress<0:1.21-1.2.el8e
IBM Cloud Pak System<=V2.3.0 - V2.3.3.3 Interim Fix 1
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.0<1.21
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
and 69 more
CVE-2021-35515
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allo...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.6<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 43 more
CVE-2021-35516
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.6<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 43 more
CVE-2020-17521
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method ca...
Apache Groovy>=2.0.0<=2.4.20
Apache Groovy>=2.5.0<=2.5.13
Apache Groovy>=3.0.0<=3.0.6
Apache Groovy=4.0.0-alpha1
Netapp Snapcenter
Oracle Agile Engineering Data Management=6.2.1.0
and 37 more
CVE-2020-1945
Apache Ant could allow a remote attacker to bypass security restrictions, caused by the use of an insecure temporary directory to store source files. By sending a specially-crafted request, an attacke...
redhat/jenkins<0:2.263.3.1612433584-1.el7
redhat/conmon<2:2.0.21-1.rhaos4.5.el8
redhat/jenkins<0:2.263.3.1612434332-1.el7
redhat/machine-config-daemon<0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8
redhat/openshift<0:4.5.0-202102050524.p0.git.0.9229406.el7
redhat/openshift-ansible<0:4.5.0-202102031005.p0.git.0.c6839a2.el7
and 128 more
CVE-2020-1951
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
ubuntu/tika<1.5-4ubuntu0.1
>=1.0<=1.23
=12.2.1.3.0
=12.2.1.4.0
=8.0.2
=8.1
and 14 more
CVE-2020-1950
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
>=1.0<=1.23
=12.2.1.3.0
=12.2.1.4.0
=8.0.2
=8.1
=12.0.0
and 15 more
CVE-2019-2904
Oracle ADF Faces Deserialization of Untrusted Data Remote Code Execution Vulnerability
Oracle ADF Faces
Oracle Application Testing Suite=12.5.0.3
Oracle Application Testing Suite=13.1.0.1
Oracle Application Testing Suite=13.2.0.1
Oracle Application Testing Suite=13.3.0.1
Oracle Banking Enterprise Collections=2.7.0
and 43 more
CVE-2019-17359
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api=1.63
Apache TomEE=7.0.7
Apache TomEE=7.1.2
Apache TomEE=8.0.1
Netapp Active Iq Unified Manager Linux>=7.3
Netapp Active Iq Unified Manager Windows>=7.3
and 28 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
CVE-2019-2706
Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: BPM Foundation Services). The supported version that is affected is 11.1.1.9.0. Easil...
Oracle Business Process Management Suite=11.1.1.9.0
CVE-2020-10683
dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remot...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 204 more
CVE-2019-11358
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted J...
redhat/ansible-tower<0:3.5.2-1.el7a
redhat/cfme<0:5.10.9.1-1.el7cf
redhat/cfme-amazon-smartstate<0:5.10.9.1-1.el7cf
redhat/cfme-appliance<0:5.10.9.1-1.el7cf
redhat/cfme-gemset<0:5.10.9.1-1.el7cf
redhat/ovirt-ansible-hosted-engine-setup<0:1.0.23-1.el7e
and 267 more
CVE-2018-19361
An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.
FasterXML jackson-databind>=2.6.0<=2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
FasterXML jackson-databind>=2.8.0<2.8.11.3
FasterXML jackson-databind>=2.9.0<2.9.8
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 24 more
CVE-2018-19360
An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.
FasterXML jackson-databind>=2.6.0<=2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
FasterXML jackson-databind>=2.8.0<2.8.11.3
FasterXML jackson-databind>=2.9.0<2.9.8
Debian Debian Linux=8.0
Oracle Business Process Management Suite=12.1.3.0.0
and 20 more
CVE-2018-14718
FasterXML jackson-databind 2.x before 2.9.7, 2.8.11.3, 2.7.9.5, and 2.6.7.3 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic d...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.3
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<=2.7.9.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.8.0<=2.8.11.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<2.9.7
IBM GDE<=3.0.0.2
FasterXML jackson-databind>=2.0.0<2.6.7.3
and 58 more
CVE-2018-14719
FasterXML jackson-databind 2.x before 2.9.7, 2.8.11.3, and 2.7.9.5 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.7.9.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.8.0<=2.8.11.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<2.9.7
redhat/jackson-databind<2.9.7
redhat/jackson-databind<2.7.9.5
redhat/jackson-databind<2.8.11.3
and 57 more
CVE-2018-19362
An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.
debian/jackson-databind
IBM GDE<=3.0.0.2
FasterXML jackson-databind>=2.6.0<=2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
FasterXML jackson-databind>=2.8.0<2.8.11.3
FasterXML jackson-databind>=2.9.0<2.9.8
and 27 more
CVE-2018-3246
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable...
Oracle Banking Platform=2.6.0
Oracle Banking Platform=2.6.1
Oracle Banking Platform=2.6.2
Oracle Business Process Management Suite=11.1.1.9.0
Oracle Business Process Management Suite=12.1.3.0.0
Oracle Business Process Management Suite=12.2.1.3.0
and 13 more
CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service att...
Apache Tika>=0.1<=1.18
Oracle Business Process Management Suite=12.1.3.0.0
Oracle Business Process Management Suite=12.2.1.3.0
CVE-2018-3100
Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 1...
Oracle Business Process Management Suite=11.1.1.7.0
Oracle Business Process Management Suite=11.1.1.9.0
Oracle Business Process Management Suite=12.1.3.0.0
Oracle Business Process Management Suite=12.2.1.2.0
Oracle Business Process Management Suite=12.2.1.3.0
CVE-2018-1000613
Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection flaw in XMSS/XMSS^MT private key deserializatio...
maven/org.bouncycastle:bcprov-jdk15on>=1.57<1.60
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api>=1.58<1.60
NetApp OnCommand Workflow Automation
openSUSE Leap=15.1
Oracle API Gateway=11.1.2.4.0
Oracle Banking Platform=2.6.0
and 89 more
CVE-2018-1000180
Bouncy Castle could provide weaker than expected security, caused by an error in the Low-level interface to RSA key pair generator. The RSA Key Pairs generated in low-level API with added certainty ma...
Bouncycastle Fips Java Api<=1.0.1
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api>=1.54<=1.59
Debian Debian Linux=9.0
Oracle API Gateway=11.1.2.4.0
Oracle Business Process Management Suite=11.1.1.9.0
Oracle Business Process Management Suite=12.1.3.0.0
and 26 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203