2021-02-23
|
CVE-2021-22112
|
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of...
|
Communications_element_manager, Communications_interactive_session_recorder, Communications_unified_inventory_management, Hospitality_cruise_shipboard_property_management_system, Insurance_policy_administration, Mysql_enterprise_monitor, Spring_security, Spring_security
|
8.8
|
|
|
2021-07-12
|
CVE-2021-30640
|
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
|
Tomcat, Debian_linux, Communications_cloud_native_core_policy, Communications_diameter_signaling_router, Communications_pricing_design_center, Hospitality_cruise_shipboard_property_management_system, Tekelec_platform_distribution
|
6.5
|
|
|
2021-07-12
|
CVE-2021-33037
|
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the...
|
Tomcat, Tomee, Debian_linux, Epolicy_orchestrator, Agile_plm, Communications_cloud_native_core_policy, Communications_cloud_native_core_service_communication_proxy, Communications_diameter_signaling_router, Communications_instant_messaging_server, Communications_policy_management, Communications_pricing_design_center, Communications_session_report_manager, Communications_session_route_manager, Graph_server_and_client, Healthcare_translational_research, Hospitality_cruise_shipboard_property_management_system, Instantis_enterprisetrack, Managed_file_transfer, Mysql_enterprise_monitor, Sd\-Wan_edge, Secure_global_desktop, Utilities_testing_accelerator
|
5.3
|
|
|
2021-10-14
|
CVE-2021-42340
|
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
|
Tomcat, Debian_linux, Hci, Management_services_for_element_software, Agile_engineering_data_management, Big_data_spatial_and_graph, Communications_diameter_signaling_router, Hospitality_cruise_shipboard_property_management_system, Managed_file_transfer, Middleware_common_libraries_and_tools, Payment_interface, Retail_customer_insights, Retail_data_extractor_for_merchandising, Retail_eftlink, Retail_financial_integration, Retail_store_inventory_management, Sd\-Wan_edge, Taleo_platform
|
7.5
|
|
|
2022-05-12
|
CVE-2022-29885
|
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
|
Tomcat, Debian_linux, Hospitality_cruise_shipboard_property_management_system
|
7.5
|
|
|
2019-11-08
|
CVE-2019-10219
|
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
|
Active_iq_unified_manager, Element, Management_services_for_element_software_and_netapp_hci, Snapcenter_plug\-In, Access_manager, Agile_engineering_data_management, Agile_plm, Agile_product_lifecycle_analytics, Agile_product_lifecycle_management_integration_pack, Airlines_data_model, Application_express, Application_performance_management, Application_testing_suite, Argus_analytics, Argus_insight, Argus_safety, Banking_apis, Banking_deposits_and_lines_of_credit_servicing, Banking_digital_experience, Banking_enterprise_default_management, Banking_enterprise_default_managment, Banking_loans_servicing, Banking_party_management, Banking_platform, Bi_publisher, Big_data_spatial_and_graph, Business_activity_monitoring, Business_intelligence, Business_process_management_suite, Clinical, Commerce_guided_search, Commerce_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_calendar_server, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_converged_application_server_\-_service_controller, Communications_convergence, Communications_convergent_charging_controller, Communications_data_model, Communications_design_studio, Communications_diameter_signaling_route, Communications_eagle_application_processor, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_metasolv_solution, Communications_network_charging_and_control, Communications_network_integrity, Communications_offline_mediation_controller, Communications_operations_monitor, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_border_controller, Communications_unified_inventory_management, Communications_webrtc_session_controller, Data_integrator, Database_server, Demantra_demand_management, Documaker, E\-Business_suite, Enterprise_communications_broker, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Essbase_administration_services, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Financial_services_foreign_account_tax_compliance_act_management, Financial_services_model_management_and_governance, Financial_services_trade\-Based_anti_money_laundering, Flexcube_investor_servicing, Flexcube_private_banking, Fujitsu_m10\-1_firmware, Fujitsu_m10\-4_firmware, Fujitsu_m10\-4s_firmware, Fujitsu_m12\-1_firmware, Fujitsu_m12\-2_firmware, Fujitsu_m12\-2s_firmware, Fusion_middleware, Fusion_middleware_mapviewer, Goldengate, Goldengate_application_adapters, Graalvm, Graph_server_and_client, Health_sciences_clinical_development_analytics, Health_sciences_inform_crf_submit, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_shipboard_property_management_system, Hospitality_opera_5_property_services, Hospitality_reporting_and_analytics, Hospitality_suite8, Http_server, Hyperion_financial_management, Hyperion_ilearning, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration, Insurance_policy_administration_j2ee, Insurance_rules_palette, Java_se, Jd_edwards_enterpriseone_orchestrator, Jdk, Managed_file_transfer, Mysql_cluster, Mysql_connectors, Mysql_server, Mysql_workbench, Nosql_database, Oss_support_tools, Peoplesoft_enterprise_cs_sa_integration_pack, Peoplesoft_enterprise_people_tools, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_analytics, Primavera_data_warehouse, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_p6_professional_project_management, Primavera_portfolio_management, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Real_user_experience_insight, Rest_data_services, Retail_allocation, Retail_analytics, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_fiscal_management, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_size_profile_optimization, Retail_xstore_point_of_service, Sd\-Wan_aware, Sd\-Wan_edge, Secure_backup, Siebel_applications, Solaris, Spatial_studio, Thesaurus_management_system, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator, Vm_virtualbox, Webcenter_portal, Weblogic_server, Zfs_storage_appliance_kit, Zfs_storage_application_integration_engineering_software, Fuse, Hibernate_validator, Jboss_data_grid, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On
|
6.1
|
|
|
2017-10-19
|
CVE-2017-10361
|
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC DRS). The supported version that is affected is 8.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly...
|
Hospitality_cruise_shipboard_property_management_system
|
6.4
|
|
|
2017-08-08
|
CVE-2017-10228
|
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Module). The supported version that is affected is 8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle...
|
Hospitality_cruise_shipboard_property_management_system
|
5.4
|
|
|
2019-01-16
|
CVE-2019-2411
|
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in...
|
Hospitality_cruise_shipboard_property_management_system
|
7.6
|
|
|
2019-01-16
|
CVE-2019-2410
|
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: DGS RES Online, FMS Sender, FMS Receiver, OHC WPF Security). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property...
|
Hospitality_cruise_shipboard_property_management_system
|
5.1
|
|
|