|
2018-01-18
|
CVE-2015-9251
|
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
|
Jquery, Agile_product_lifecycle_management_for_process, Banking_platform, Business_process_management_suite, Communications_converged_application_server, Communications_interactive_session_recorder, Communications_services_gatekeeper, Communications_webrtc_session_controller, Endeca_information_discovery_studio, Enterprise_manager_ops_center, Enterprise_operations_monitor, Financial_services_analytical_applications_infrastructure, Financial_services_asset_liability_management, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_liquidity_risk_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_profitability_management, Financial_services_reconciliation_framework, Fusion_middleware_mapviewer, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_fleet_management, Hospitality_guest_access, Hospitality_materials_control, Hospitality_reporting_and_analytics, Insurance_insbridge_rating_and_underwriting, Jd_edwards_enterpriseone_tools, Jdeveloper, Oss_support_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Real\-Time_scheduler, Retail_allocation, Retail_customer_insights, Retail_invoice_matching, Retail_sales_audit, Retail_workforce_management_software, Service_bus, Siebel_ui_framework, Utilities_framework, Utilities_mobile_workforce_management, Webcenter_sites, Weblogic_server
|
6.1
|
|
|
|
2018-02-06
|
CVE-2017-15095
|
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
|
Debian_linux, Jackson\-Databind, Oncommand_balance, Oncommand_performance_manager, Oncommand_shift, Snapcenter, Banking_platform, Clusterware, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_instant_messaging_server, Database_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatchauto, Identity_manager, Jd_edwards_enterpriseone_tools, Primavera_unifier, Utilities_advanced_spatial_and_operational_analytics, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform, Satellite, Satellite_capsule
|
9.8
|
|
|
|
2018-02-06
|
CVE-2017-7525
|
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
|
Debian_linux, Jackson\-Databind, Oncommand_balance, Oncommand_performance_manager, Oncommand_shift, Snapcenter, Banking_platform, Communications_billing_and_revenue_management, Communications_communications_policy_management, Communications_diameter_signaling_route, Communications_instant_messaging_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatchauto, Primavera_unifier, Utilities_advanced_spatial_and_operational_analytics, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform, Virtualization, Virtualization_host
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14719
|
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Business_process_management_suite, Clusterware, Communications_billing_and_revenue_management, Database_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Jdeveloper, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_merchandising_system, Retail_workforce_management_software, Webcenter_portal, Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14718
|
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Business_process_management_suite, Communications_billing_and_revenue_management, Communications_instant_messaging_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Jdeveloper, Nosql_database, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_workforce_management_software, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Webcenter_portal, Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-19360
|
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Business_process_management_suite, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_workforce_management_software, Webcenter_portal, Automation_manager, Decision_manager, Jboss_bpm_suite, Jboss_brms, Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14720
|
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Banking_platform, Communications_billing_and_revenue_management, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Jdeveloper, Primavera_unifier, Retail_merchandising_system, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14721
|
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Banking_platform, Communications_billing_and_revenue_management, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Jdeveloper, Primavera_unifier, Retail_merchandising_system, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform
|
10.0
|
|
|
|
2019-01-02
|
CVE-2018-19361
|
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Business_process_management_suite, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_workforce_management_software, Webcenter_portal, Automation_manager, Decision_manager, Jboss_bpm_suite, Jboss_brms, Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-19362
|
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Business_process_management_suite, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_workforce_management_software, Webcenter_portal, Automation_manager, Decision_manager, Jboss_bpm_suite, Jboss_brms, Openshift_container_platform
|
9.8
|
|
|