Latest oracle hyperion infrastructure technology Vulnerabilities

CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 196 more
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 194 more
CVE-2022-23307
A deserialization flaw was found in Apache log4j 1.2.x. While reading serialized log events, they are improperly deserialized. Note this is the same as <a href="https://access.redhat.com/security/cve...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 193 more
CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-4104
Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
redhat/log4j<0:1.2.14-6.5.el6_10
redhat/log4j<0:1.2.17-17.el7_4
redhat/log4j<0:1.2.17-16.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 219 more
CVE-2021-2445
Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Difficult to exploit vulnerabi...
Oracle Hyperion Infrastructure Technology=11.2.5.0
CVE-2021-2347
Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Easily exploitable vulnerabili...
Oracle Hyperion Infrastructure Technology=11.2.5.0
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unau...
Oracle Advanced Networking Option=12.1.0.2
Oracle Advanced Networking Option=12.2.0.1
Oracle Advanced Networking Option=19c
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
and 242 more
CVE-2021-27906
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
redhat/pdfbox<2.0.23
Apache PDFBox>=2.0.0<=2.0.22
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Banking Corporate Lending Process Management=14.2.0
and 37 more
CVE-2021-27807
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
redhat/pdfbox<2.0.23
Apache PDFBox>=2.0.0<=2.0.22
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Banking Trade Finance Process Management=14.2.0
and 26 more
CVE-2020-27218
### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received en...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
redhat/jetty<9.4.35.
redhat/jetty<10.0.0.
redhat/jetty<11.0.0.
and 31 more
CVE-2020-14854
Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerabili...
Oracle Hyperion Infrastructure Technology=11.1.2.4
CVE-2020-5421
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depen...
maven/org.springframework:spring-framework-bom<4.3.29
maven/org.springframework:spring-framework-bom>=5.0.0<=5.0.18
maven/org.springframework:spring-framework-bom>=5.1.0<=5.1.17
maven/org.springframework:spring-framework-bom>=5.2.0<=5.2.8
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
redhat/springframework<5.2.9
and 80 more
CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resour...
ubuntu/apache2<2.4.29-1ubuntu4.14
ubuntu/apache2<2.4.41-4ubuntu3.1
ubuntu/apache2<2.4.44
>=2.4.20<2.4.46
>=8.2.0<=8.2.2
>=8.2.0<=8.2.2
and 106 more
CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing conc...
redhat/httpd<2.4.44
redhat/jbcs-httpd24-apr<0:1.6.3-104.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-75.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-38.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-44.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-64.jbcs.el6
and 55 more
CVE-2020-11984
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
redhat/jbcs-httpd24-apr<0:1.6.3-104.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-75.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-38.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-44.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-64.jbcs.el6
redhat/jbcs-httpd24-jansson<0:2.11-53.jbcs.el6
and 44 more
CVE-2020-15358
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
IBM Security Verify Access<=10.0.0
Apple iCloud for Windows<7.21
Apple macOS Big Sur<11.0.1
Google Android
Apple macOS Big Sur<11.2
Apple Catalina
and 27 more
CVE-2020-13871
SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to c...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.32.2
Fedoraproject Fedora=33
Debian Debian Linux=9.0
Oracle Communications Messaging Server=8.1
Oracle Communications Network Charging And Control=6.0.1
and 9 more
CVE-2020-11656
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
SQLite SQLite<=3.31.1
NetApp ONTAP Select Deploy administration utility
Oracle Communications Network Charging And Control>=12.0.0<=12.0.3
Oracle Communications Network Charging And Control=6.0.1
Oracle Communications Network Charging And Control=12.0.2
Oracle Enterprise Manager Ops Center=12.4.0.0
and 9 more
CVE-2020-11655
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
SQLite SQLite<=3.31.1
NetApp ONTAP Select Deploy administration utility
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 26 more
CVE-2020-1935
Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vuln...
redhat/tomcat<0:7.0.76-16.el7_9
redhat/tomcat<0:7.0.76-11.el7_6
redhat/tomcat<0:7.0.76-12.el7_7
redhat/tomcat7<0:7.0.70-41.ep7.el6
redhat/tomcat8<0:8.0.36-45.ep7.el6
redhat/tomcat7<0:7.0.70-41.ep7.el7
and 75 more
CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
SQLite SQLite=3.31.1
Netapp Cloud Backup
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
Siemens Sinec Infrastructure Network Services<1.0.1.1
and 15 more
CVE-2019-17563
Apache Tomcat could allow a local attacker to hijack a user&#39;s session. By using the FORM authentication function, an attacker could exploit this vulnerability to gain access to another user&#39;s ...
redhat/tomcat<0:7.0.76-15.el7
redhat/tomcat<0:7.0.76-11.el7_6
redhat/tomcat<0:7.0.76-12.el7_7
redhat/tomcat7<0:7.0.70-38.ep7.el6
redhat/tomcat8<0:8.0.36-42.ep7.el6
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el6
and 30 more
CVE-2019-12415
Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by tool XSSFExportToXml. By sending a specially-crafted ...
redhat/poi<4.1.0
IBM Cloud Pak for Business Automation<=V22.0.2
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF016
IBM Cloud Pak for Business Automation<=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes
Apache POI<=4.1.0
Oracle Application Testing Suite=12.5.0.3
and 63 more
CVE-2019-12402
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service at...
maven/io.github.1tchy.java9modular.org.apache.commons:commons-compress=1.18.1
maven/org.apache.commons:commons-compress>=1.15<1.19
redhat/apache-commons-compress<1.19
Apache Commons Compress>=1.15<=1.18
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 35 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
redhat/rhvm-dependencies<0:4.4.0-1.el8e
IBM Data Risk Manager<=2.0.6
maven/org.quartz-scheduler:quartz<2.3.2
redhat/quartz<2.3.2
Softwareag Quartz<2.3.2
Oracle Apache Batik Mapviewer=12.2.0.1
and 178 more
CVE-2018-14550
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
Libpng Libpng=1.6.35
Oracle Hyperion Infrastructure Technology=11.1.2.6.0
Oracle Mysql Workbench<=8.0.23
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp OnCommand API Services
CVE-2019-2729
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily e...
Oracle Communications Diameter Signaling Router=8.0
Oracle Communications Diameter Signaling Router=8.1
Oracle Communications Diameter Signaling Router=8.2
Oracle Communications Diameter Signaling Router=8.2.1
Oracle Communications Network Integrity>=7.3.2<=7.3.6
Oracle Hyperion Infrastructure Technology=11.1.2.4
and 13 more
CVE-2019-5427
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
Mchange C3p0<0.9.5.2
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Oracle Communications Ip Service Activator=7.3.0
Oracle Communications Ip Service Activator=7.4.0
Oracle Communications Session Route Manager>=8.2.0<=8.2.2
and 13 more
CVE-2019-7317
A use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is pr...
debian/libpng1.6<=1.6.28-1<=1.6.36-3<=1.6.36-2
Mozilla Thunderbird<60.7
Mozilla Firefox ESR<60.7
Mozilla Firefox<67
Libpng Libpng>=1.6.0<1.6.37
Debian Debian Linux=8.0
and 99 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203