Product:

Jd_edwards_enterpriseone_tools

(Oracle)
Date Id Summary Products Score Patch Annotated
2022-07-19 CVE-2022-21542 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. While the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in... Jd_edwards_enterpriseone_tools 7.4
2022-04-19 CVE-2022-21464 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). The supported version that is affected is Prior to 9.2.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools and... Jd_edwards_enterpriseone_tools 8.2
2022-04-19 CVE-2022-21409 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). The supported version that is affected is Prior to 9.2.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact... Jd_edwards_enterpriseone_tools 6.1
2018-08-31 CVE-2018-11054 RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. Bsafe, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database 7.5
2018-08-31 CVE-2018-11055 RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. Bsafe, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database 5.5
2018-08-31 CVE-2018-11056 RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service. Bsafe, Bsafe_crypto\-C, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database 6.5
2018-08-31 CVE-2018-11057 RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. Bsafe, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database 5.9
2018-09-14 CVE-2018-11058 RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue. Bsafe, Bsafe_crypto\-C, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database 9.8
2018-11-16 CVE-2018-15769 RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. Bsafe, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database 7.5
2021-01-26 CVE-2021-26272 It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). Ckeditor, Agile_plm, Application_express, Banking_party_management, Commerce_merchandising, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Jd_edwards_enterpriseone_tools, Siebel_ui_framework, Webcenter_sites 6.5