Agile_engineering_data_management - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Agile_engineering_data_management
(Oracle)

Repositories	https://github.com/openssl/openssl
#Vulnerabilities	30

Date	Id	Summary	Products	Score	Patch	Annotated
2021-07-14	CVE-2021-36374	When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.	Ant, Agile_engineering_data_management, Agile_plm, Banking_trade_finance, Banking_treasury_management, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_diameter_intelligence_hub, Communications_order_and_service_management, Communications_unified_inventory_management, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Health_sciences_information_manager, Insurance_policy_administration, Primavera_gateway, Primavera_unifier, Product_lifecycle_analytics, Real\-Time_decision_server, Retail_advanced_inventory_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_service_backbone, Retail_store_inventory_management, Retail_xstore_point_of_service, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator	5.5
2021-07-21	CVE-2021-2351	Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products....	Advanced_networking_option, Agile_engineering_data_management, Agile_plm, Agile_product_lifecycle_management_for_process, Airlines_data_model, Application_performance_management, Application_testing_suite, Argus_analytics, Argus_insight, Argus_mart, Argus_safety, Banking_apis, Banking_digital_experience, Banking_enterprise_default_management, Banking_platform, Big_data_spatial_and_graph, Blockchain_platform, Clinical, Commerce_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_calendar_server, Communications_contacts_server, Communications_convergent_charging_controller, Communications_data_model, Communications_design_studio, Communications_diameter_intelligence_hub, Communications_ip_service_activator, Communications_metasolv_solution, Communications_network_charging_and_control, Communications_network_integrity, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Data_integrator, Demantra_demand_management, Documaker, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Financial_services_foreign_account_tax_compliance_act_management, Financial_services_model_management_and_governance, Financial_services_trade\-Based_anti_money_laundering, Flexcube_investor_servicing, Flexcube_private_banking, Fusion_middleware, Goldengate, Goldengate_application_adapters, Graph_server_and_client, Health_sciences_clinical_development_analytics, Health_sciences_inform_crf_submit, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_translational_research, Hospitality_inventory_management, Hospitality_opera_5, Hospitality_reporting_and_analytics, Hospitality_suite8, Hyperion_infrastructure_technology, Ilearning, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_tools, Oss_support_tools, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_analytics, Primavera_data_warehouse, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_p6_professional_project_management, Primavera_unifier, Product_lifecycle_analytics, Rapid_planning, Real_user_experience_insight, Retail_analytics, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_store_inventory_management, Retail_xstore_point_of_service, Siebel_ui_framework, Spatial_studio, Storagetek_acsls, Storagetek_tape_analytics, Thesaurus_management_system, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator, Weblogic_server, Zfs_storage_application_integration_engineering_software	N/A
2021-10-14	CVE-2021-42340	The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.	Tomcat, Debian_linux, Hci, Management_services_for_element_software, Agile_engineering_data_management, Big_data_spatial_and_graph, Communications_diameter_signaling_router, Hospitality_cruise_shipboard_property_management_system, Managed_file_transfer, Middleware_common_libraries_and_tools, Payment_interface, Retail_customer_insights, Retail_data_extractor_for_merchandising, Retail_eftlink, Retail_financial_integration, Retail_store_inventory_management, Sd\-Wan_edge, Taleo_platform	7.5
2021-12-18	CVE-2021-45105	Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.	Log4j, Debian_linux, Cloud_manager, Agile_engineering_data_management, Agile_plm, Agile_plm_mcad_connector, Autovue_for_agile_product_lifecycle_management, Banking_deposits_and_lines_of_credit_servicing, Banking_enterprise_default_management, Banking_loans_servicing, Banking_party_management, Banking_payments, Banking_platform, Banking_trade_finance, Banking_treasury_management, Business_intelligence, Communications_asap, Communications_billing_and_revenue_management, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_convergence, Communications_convergent_charging_controller, Communications_diameter_signaling_router, Communications_eagle_element_management_system, Communications_eagle_ftp_table_base_retrieval, Communications_element_manager, Communications_evolved_communications_application_server, Communications_interactive_session_recorder, Communications_ip_service_activator, Communications_messaging_server, Communications_network_charging_and_control, Communications_network_integrity, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Communications_user_data_repository, Communications_webrtc_session_controller, Data_integrator, E\-Business_suite, Enterprise_manager_base_platform, Enterprise_manager_for_peoplesoft, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Flexcube_universal_banking, Health_sciences_empirica_signal, Health_sciences_inform, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_master_person_index, Healthcare_translational_research, Hospitality_suite8, Hospitality_token_proxy_service, Hyperion_bi\+, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Hyperion_planning, Hyperion_profitability_and_cost_management, Hyperion_tax_provision, Identity_management_suite, Identity_manager_connector, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Managed_file_transfer, Management_cloud_engine, Mysql_enterprise_monitor, Payment_interface, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_data_extractor_for_merchandising, Retail_eftlink, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_store_inventory_management, Siebel_ui_framework, Sql_developer, Taleo_platform, Utilities_framework, Webcenter_portal, Webcenter_sites, Weblogic_server, 6bk1602\-0aa12\-0tp0_firmware, 6bk1602\-0aa22\-0tp0_firmware, 6bk1602\-0aa32\-0tp0_firmware, 6bk1602\-0aa42\-0tp0_firmware, 6bk1602\-0aa52\-0tp0_firmware, Email_security, Network_security_manager, Web_application_firewall	5.9
2022-01-24	CVE-2022-23437	There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.	Xerces\-J, Active_iq_unified_manager, Agile_engineering_data_management, Agile_plm, Banking_deposits_and_lines_of_credit_servicing, Banking_party_management, Communications_asap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Flexcube_universal_banking, Global_lifecycle_management_nextgen_oui_framework, Global_lifecycle_management_opatch, Health_sciences_information_manager, Ilearning, Peoplesoft_enterprise_peopletools, Primavera_gateway, Product_lifecycle_analytics, Retail_bulk_data_integration, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_service_backbone, Weblogic_server	6.5
2022-01-27	CVE-2022-23181	The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.	Tomcat, Debian_linux, Agile_engineering_data_management, Communications_cloud_native_core_policy, Financial_services_crime_and_compliance_management_studio, Managed_file_transfer, Mysql_enterprise_monitor	7.0
2018-08-02	CVE-2018-8032	Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.	Axis, Debian_linux, Agile_engineering_data_management, Agile_product_lifecycle_management_framework, Application_testing_suite, Big_data_discovery, Communications_asap_cartridges, Communications_design_studio, Communications_element_manager, Communications_network_integrity, Communications_order_and_service_management, Communications_session_report_manager, Communications_session_route_manager, Endeca_information_discovery_studio, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Financial_services_analytical_applications_infrastructure, Financial_services_compliance_regulatory_reporting, Financial_services_funds_transfer_pricing, Flexcube_core_banking, Flexcube_private_banking, Hospitality_guest_access, Instantis_enterprisetrack, Internet_directory, Knowledge, Peoplesoft_enterprise_human_capital_management_human_resources, Peoplesoft_enterprise_peopletools, Policy_automation_connector_for_siebel, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_order_broker, Retail_xstore_point_of_service, Secure_global_desktop, Siebel_ui_framework, Tuxedo, Webcenter_portal	6.1
2019-05-01	CVE-2019-0227	A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.	Axis, Agile_engineering_data_management, Agile_product_lifecycle_management_framework, Application_testing_suite, Big_data_discovery, Communications_asap_cartridges, Communications_design_studio, Communications_element_manager, Communications_network_integrity, Communications_order_and_service_management, Communications_session_report_manager, Communications_session_route_manager, Endeca_information_discovery_studio, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Financial_services_analytical_applications_infrastructure, Financial_services_compliance_regulatory_reporting, Financial_services_funds_transfer_pricing, Flexcube_core_banking, Flexcube_private_banking, Hospitality_guest_access, Instantis_enterprisetrack, Internet_directory, Knowledge, Peoplesoft_enterprise_human_capital_management_human_resources, Peoplesoft_enterprise_peopletools, Policy_automation_connector_for_siebel, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_order_broker, Retail_xstore_point_of_service, Secure_global_desktop, Siebel_ui_framework, Tuxedo, Webcenter_portal	7.5
2021-02-24	CVE-2020-11987	Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.	Batik, Debian_linux, Fedora, Agile_engineering_data_management, Banking_apis, Banking_digital_experience, Communications_application_session_controller, Communications_metasolv_solution, Communications_offline_mediation_controller, Enterprise_repository, Flexcube_universal_banking, Fusion_middleware_mapviewer, Instantis_enterprisetrack, Insurance_policy_administration, Product_lifecycle_analytics, Retail_back_office, Retail_central_office, Retail_order_broker, Retail_order_management_system_cloud_service, Retail_point\-Of\-Service, Retail_returns_management, Weblogic_server	8.2
2019-11-08	CVE-2019-10219	A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.	Active_iq_unified_manager, Element, Management_services_for_element_software_and_netapp_hci, Snapcenter_plug\-In, Access_manager, Agile_engineering_data_management, Agile_plm, Agile_product_lifecycle_analytics, Agile_product_lifecycle_management_integration_pack, Airlines_data_model, Application_express, Application_performance_management, Application_testing_suite, Argus_analytics, Argus_insight, Argus_safety, Banking_apis, Banking_deposits_and_lines_of_credit_servicing, Banking_digital_experience, Banking_enterprise_default_management, Banking_enterprise_default_managment, Banking_loans_servicing, Banking_party_management, Banking_platform, Bi_publisher, Big_data_spatial_and_graph, Business_activity_monitoring, Business_intelligence, Business_process_management_suite, Clinical, Commerce_guided_search, Commerce_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_calendar_server, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_converged_application_server_\-_service_controller, Communications_convergence, Communications_convergent_charging_controller, Communications_data_model, Communications_design_studio, Communications_diameter_signaling_route, Communications_eagle_application_processor, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_metasolv_solution, Communications_network_charging_and_control, Communications_network_integrity, Communications_offline_mediation_controller, Communications_operations_monitor, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_border_controller, Communications_unified_inventory_management, Communications_webrtc_session_controller, Data_integrator, Database_server, Demantra_demand_management, Documaker, E\-Business_suite, Enterprise_communications_broker, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Essbase_administration_services, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Financial_services_foreign_account_tax_compliance_act_management, Financial_services_model_management_and_governance, Financial_services_trade\-Based_anti_money_laundering, Flexcube_investor_servicing, Flexcube_private_banking, Fujitsu_m10\-1_firmware, Fujitsu_m10\-4_firmware, Fujitsu_m10\-4s_firmware, Fujitsu_m12\-1_firmware, Fujitsu_m12\-2_firmware, Fujitsu_m12\-2s_firmware, Fusion_middleware, Fusion_middleware_mapviewer, Goldengate, Goldengate_application_adapters, Graalvm, Graph_server_and_client, Health_sciences_clinical_development_analytics, Health_sciences_inform_crf_submit, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_shipboard_property_management_system, Hospitality_opera_5_property_services, Hospitality_reporting_and_analytics, Hospitality_suite8, Http_server, Hyperion_financial_management, Hyperion_ilearning, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration, Insurance_policy_administration_j2ee, Insurance_rules_palette, Java_se, Jd_edwards_enterpriseone_orchestrator, Jdk, Managed_file_transfer, Mysql_cluster, Mysql_connectors, Mysql_server, Mysql_workbench, Nosql_database, Oss_support_tools, Peoplesoft_enterprise_cs_sa_integration_pack, Peoplesoft_enterprise_people_tools, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_analytics, Primavera_data_warehouse, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_p6_professional_project_management, Primavera_portfolio_management, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Real_user_experience_insight, Rest_data_services, Retail_allocation, Retail_analytics, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_fiscal_management, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_size_profile_optimization, Retail_xstore_point_of_service, Sd\-Wan_aware, Sd\-Wan_edge, Secure_backup, Siebel_applications, Solaris, Spatial_studio, Thesaurus_management_system, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator, Vm_virtualbox, Webcenter_portal, Weblogic_server, Zfs_storage_appliance_kit, Zfs_storage_application_integration_engineering_software, Fuse, Hibernate_validator, Jboss_data_grid, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On	6.1