RSS   Vulnerabilities for 'Fusion middleware mapviewer'   RSS

2020-07-15
 
CVE-2020-14608

NVD-CWE-noinfo
 

 
Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).

 
 
CVE-2020-14607

CWE-79
 

 
Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware MapViewer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

 
2018-07-18
 
CVE-2018-2943

CWE-noinfo
 

 
Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in takeover of Oracle Fusion Middleware MapViewer. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

 
2018-05-24
 
CVE-2018-8013

CWE-502
 

 
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

 
2018-01-18
 
CVE-2015-9251

CWE-79
 

 
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

 
2017-04-24
 
CVE-2017-3230

CWE-noinfo
 

 
Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 11.1.1.9, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Fusion Middleware MapViewer. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).

 
2017-04-17
 
CVE-2017-5645

CWE-502
 

 
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

 

 >>> Vendor: Oracle 744 Products
Linux
Solaris
Sunos
Http server
Communications server
JAVA
Oracle8i
Java virtual machine
Database server
Mysql
Database assistant
Web listener
Application server
Iplanet web server
Weblogic server
Listener
Internet directory
JDK
Oracle9i
E-business suite
JSP
Application server web cache
JRE
Tuxedo
SDK
Corporate time outlook connector
Reports
Peopletools
Configurator
Database
Applications
Oracle files
Application server portal
Java system application server
Collaboration suite
Enterprise manager
Enterprise manager database control
Enterprise manager grid control
Oracle10g
Database server lite
Secure global desktop
10g reports server
Forms
Weblogic portal
Jdeveloper
Forms builder
Html db
Clinical
10g enterprise manager database control
Enterprise manager application server control
Peoplesoft enterprise
Enterpriseone
Peoplesoft enterprise customer relationship management
Application server discussion forum portlet
Isupport
Peoplesoft enterprise portal
Oracle client
10g enterprise manager grid control
Developer suite
Workflow
Diagnostics
Enterpriseone tools
Oneworld tools
Collaboration suite 10g release 1
Peoplesoft enterprise tools
Pharmaceutical
Exchange
Identity manager
APEX
Portal
Jrockit
Access manager
Java dynamic management kit
Weblogic workshop
Rapid install web server
Peoplesoft enterprise human capital management
Peoplesoft enterprise peopletools
Secure enterprise search
Jinitiator
Opensolaris
Enterprise grid console server
Opmn daemon
Mysql server
Business process management suite
Application server 9i
Applications manager
Application express
Database 9i
Application server 10g
Database 10g
Database 11g
E-business suite 11i
E-business suite 12
Peoplesoft hcm eperformance
Siebel enterprise
Bea product suite
Webloic server component
Weblogic server component
Oracle portal component
Report manager component
See all Products for Vendor Oracle


Copyright 2024, cxsecurity.com

 

Back to Top