Latest oracle healthcare master person index Vulnerabilities

● CVE-2021-45105

Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability

redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea

redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea

redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7

redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8

debian/apache-log4j2

debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1

and 217 more

● CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depen...

maven/org.springframework:spring-framework-bom<4.3.29

maven/org.springframework:spring-framework-bom>=5.0.0<=5.0.18

maven/org.springframework:spring-framework-bom>=5.1.0<=5.1.17

maven/org.springframework:spring-framework-bom>=5.2.0<=5.2.8

IBM Security Directory Suite VA<=8.0.1-8.0.1.19

redhat/springframework<5.2.9

and 80 more

● CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) e...

maven/org.springframework:spring-webflux>=5.2.0<5.2.3

maven/org.springframework:spring-webmvc>=5.2.0<5.2.3

VMware Spring Framework>=5.2.0<5.2.3

Oracle Application Testing Suite=13.3.0.1

Oracle Communications Brm - Elastic Charging Engine=11.3

Oracle Communications Brm - Elastic Charging Engine=12.0

and 48 more

● CVE-2020-5398

A flaw was found in springframework in versions prior to 5.0.16, 5.1.13, and 5.2.3. A reflected file download (RFD) attack is possible when a "Content-Disposition" header is set in response to where t...

IBM Data Risk Manager<=2.0.6

redhat/springframework<5.2.3

redhat/springframework<5.1.13

redhat/springframework<5.0.16

maven/org.springframework:spring-webflux>=5.0.0.RELEASE<5.0.16.RELEASE

maven/org.springframework:spring-webflux>=5.1.0.RELEASE<5.1.13.RELEASE

and 67 more

● CVE-2018-15756

Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a ...

IBM GDE<=3.0.0.2

redhat/springframework<5.0.10

redhat/springframework<4.3.20

VMware Spring Framework>=4.2.0<4.3.20

VMware Spring Framework>=5.0.0<5.0.10

VMware Spring Framework=5.1.0

and 111 more

● CVE-2018-11040

Pivotal Spring Framework could allow a remote attacker to bypass security restrictions, caused by a flaw in AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView. By sending...

IBM GDE<=3.0.0.2

maven/org.springframework:spring-core>=4.3.0<4.3.18

maven/org.springframework:spring-core>=5.0.0<5.0.7

VMware Spring Framework<4.3.18

VMware Spring Framework>=5.0.0<5.0.7

Oracle Agile Product Lifecycle Management=9.3.3

and 50 more

● CVE-2018-11039

Pivotal Spring Framework is vulnerable to cross-site tracing, caused by a flaw in the HiddenHttpMethodFilter in Spring MVC. By persuading a victim to visit a specially-crafted Web site, an attacker co...

IBM GDE<=3.0.0.2

maven/org.springframework:spring-web>=4.3.0<4.3.18

maven/org.springframework:spring-web>=5.0.0<5.0.7

VMware Spring Framework<4.3.18

VMware Spring Framework>=5.0.0<5.0.7

Oracle Agile PLM=9.3.3

and 61 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.