Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jd_edwards_enterpriseone_tools
(Oracle)Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/jquery/jquery • https://github.com/openssl/openssl |
#Vulnerabilities | 127 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-11-12 | CVE-2020-27193 | A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | Ckeditor, Agile_plm, Application_express, Banking_party_management, Banking_platform, Commerce_merchandising, Financial_services_analytical_applications_infrastructure, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools | 6.1 | ||
2021-01-26 | CVE-2021-26271 | It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). | Ckeditor, Agile_plm, Application_express, Financial_services_analytical_applications_infrastructure, Jd_edwards_enterpriseone_tools, Siebel_ui_framework, Webcenter_sites | 6.5 | ||
2021-07-21 | CVE-2021-2373 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.5.3 and Prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact... | Jd_edwards_enterpriseone_tools | 5.4 | ||
2021-07-21 | CVE-2021-2375 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact... | Jd_edwards_enterpriseone_tools | 6.1 | ||
2020-04-15 | CVE-2020-2733 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS... | Jd_edwards_enterpriseone_tools | N/A | ||
2017-04-24 | CVE-2017-3517 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a... | Jd_edwards_enterpriseone_tools | 6.5 | ||
2019-03-21 | CVE-2018-12022 | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | Jackson\-Databind, Fedora, Jd_edwards_enterpriseone_tools, Retail_merchandising_system | 7.5 | ||
2017-12-01 | CVE-2017-15707 | In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | Struts, Oncommand_balance, Agile_plm_framework, Enterprise_manager_for_virtualization, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_market_risk_measurement_and_management, Global_lifecycle_management_opatchauto, Jd_edwards_enterpriseone_tools, Retail_order_broker, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server | 6.2 | ||
2018-07-18 | CVE-2018-3006 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact... | Jd_edwards_enterpriseone_tools | 6.1 | ||
2018-07-18 | CVE-2018-2999 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact... | Jd_edwards_enterpriseone_tools | 6.1 |