Product:

Agile_plm

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 71
Date Id Summary Products Score Patch Annotated
2020-02-24 CVE-2020-1938 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses.... Geode, Tomcat, Good_control, Workspaces_server, Debian_linux, Fedora, Data_availability_services, Oncommand_system_manager, Leap, Agile_engineering_data_management, Agile_plm, Communications_element_manager, Communications_instant_messaging_server, Health_sciences_empirica_inspections, Health_sciences_empirica_signal, Hospitality_guest_access, Instantis_enterprisetrack, Mysql_enterprise_monitor, Siebel_ui_framework, Transportation_management, Workload_manager 9.8
2020-03-02 CVE-2020-9546 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Global_lifecycle_management_opatch, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_service_backbone, Retail_xstore_point_of_service, Weblogic_server 9.8
2020-03-02 CVE-2020-9548 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_xstore_point_of_service, Weblogic_server 9.8
2020-03-07 CVE-2020-9281 A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). Ckeditor, Drupal, Fedora, Agile_plm, Application_express, Banking_enterprise_default_management, Banking_enterprise_default_managment, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Siebel_apps_\-_customer_order_management, Webcenter_portal 6.1
2020-05-20 CVE-2020-9484 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be... Tomcat, Ubuntu_linux, Debian_linux, Fedora, Epolicy_orchestrator, Leap, Agile_engineering_data_management, Agile_plm, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_diameter_signaling_router, Communications_element_manager, Communications_instant_messaging_server, Communications_session_report_manager, Communications_session_route_manager, Database, Fmw_platform, Hospitality_guest_access, Instantis_enterprisetrack, Managed_file_transfer, Mysql_enterprise_monitor, Retail_order_broker, Siebel_apps_\-_marketing, Siebel_ui_framework, Transportation_management, Workload_manager 7.0
2020-06-14 CVE-2020-14061 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Steelstore_cloud_integrated_storage, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_session_report_manager, Communications_session_route_manager 8.1
2020-06-14 CVE-2020-14062 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Steelstore_cloud_integrated_storage, Agile_plm, Banking_digital_experience, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_session_report_manager, Communications_session_route_manager 8.1
2020-06-14 CVE-2020-14060 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). Jackson\-Databind, Active_iq_unified_manager, Steelstore_cloud_integrated_storage, Agile_plm, Banking_digital_experience, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_session_report_manager, Communications_session_route_manager 8.1
2020-06-16 CVE-2020-14195 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Steelstore_cloud_integrated_storage, Agile_plm, Banking_digital_experience, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_session_report_manager, Communications_session_route_manager 8.1
2020-07-14 CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. Tomcat, Ubuntu_linux, Debian_linux, Epolicy_orchestrator, Oncommand_system_manager, Leap, Agile_engineering_data_management, Agile_plm, Blockchain_platform, Commerce_guided_search, Communications_cloud_native_core_policy, Communications_instant_messaging_server, Fmw_platform, Instantis_enterprisetrack, Managed_file_transfer, Mysql_enterprise_monitor, Siebel_ui_framework, Workload_manager 7.5