Vulnerabilities for Endeca information discovery integrator (...) - CXSECURITY.COM

Vulnerabilities for
'Endeca information discovery integrator'

2018-10-16

CVE-2018-3215

CWE-noinfo

Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).

2018-06-25

CVE-2018-11040

CWE-829

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

2018-05-11

CVE-2018-1258

CWE-863

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

CVE-2018-1257

CWE-20

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

>>> Vendor: Oracle 744 Products

Communications server

Java virtual machine

Database server

Database assistant

Application server

Iplanet web server

Weblogic server

Internet directory

E-business suite

Application server web cache

Corporate time outlook connector

Application server portal

Java system application server

Collaboration suite

Enterprise manager

Enterprise manager database control

Enterprise manager grid control

Database server lite

Secure global desktop

10g reports server

Weblogic portal

10g enterprise manager database control

Enterprise manager application server control

Peoplesoft enterprise

Peoplesoft enterprise customer relationship management

Application server discussion forum portlet

Peoplesoft enterprise portal

10g enterprise manager grid control

Developer suite

Enterpriseone tools

Collaboration suite 10g release 1

Peoplesoft enterprise tools

Identity manager

Java dynamic management kit

Weblogic workshop

Rapid install web server

Peoplesoft enterprise human capital management

Peoplesoft enterprise peopletools

Secure enterprise search

Enterprise grid console server

Business process management suite

Application server 9i

Applications manager

Application express

Application server 10g

E-business suite 11i

E-business suite 12

Peoplesoft hcm eperformance

Siebel enterprise

Bea product suite

Webloic server component

Weblogic server component

Oracle portal component

Report manager component

See all Products for Vendor Oracle

Copyright 2024, cxsecurity.com