Vulnerabilities for Managed file transfer (...) - CXSECURITY.COM

Vulnerabilities for 'Managed file transfer'

2019-01-16

CVE-2019-2538

CWE-284

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware (subcomponent: MFT Runtime Server). Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data as well as unauthorized read access to a subset of Oracle Managed File Transfer accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).

2018-06-05

CVE-2018-1000180

CWE-327

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

2018-02-23

CVE-2018-1305

CWE-noinfo

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.

>>> Vendor: Oracle 744 Products

Database server

Database assistant

Application server

Internet directory

E-business suite

Application server web cache

Corporate time outlook connector

Application server portal

Collaboration suite

Enterprise manager

Enterprise manager database control

Enterprise manager grid control

Database server lite

10g reports server

10g enterprise manager database control

Enterprise manager application server control

Peoplesoft enterprise

Peoplesoft enterprise customer relationship management

Application server discussion forum portlet

Peoplesoft enterprise portal

10g enterprise manager grid control

Developer suite

Collaboration suite 10g release 1

Peoplesoft enterprise tools

Rapid install web server

Peoplesoft enterprise human capital management

Peoplesoft enterprise peopletools

Secure enterprise search

Enterprise grid console server

Application server 9i

Application express

Application server 10g

E-business suite 11i

E-business suite 12

Peoplesoft hcm eperformance

Siebel enterprise

Bea product suite

Weblogic server

Webloic server component

Weblogic server component

Oracle portal component

Report manager component

Application object library

Advanced replication

Enterprise manager 10g

Instance management component

Advanced replication component

Oracle database

Oracle application server

Mobile application server

Times ten client server component

Times ten in memory database

Times ten client server

Spatial component

Data pump component

Authentication component

Advanced queuing component

Oracle applications technology stack component

Core rdbms component

Hyperion bi plus component

Database scheduler

Oracle http server component

Jd edwards enterpriseone

Peoplesoft peopletools component

Peoplesoft peopletools

Glassfish server

Jd edwards enterpriseone ep

Weblogic workshop

Timesten in-memory database

Enterprise manager grid control 10g

See all Products for Vendor Oracle

Copyright 2024, cxsecurity.com