Vulnerabilities > Oracle > Agile Engineering Data Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-01 | CVE-2019-0227 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. | 7.5 |
| 2018-08-02 | CVE-2018-8032 | Cross-site Scripting vulnerability in multiple products Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | 6.1 |
| 2017-10-19 | CVE-2017-10161 | Unspecified vulnerability in Oracle Agile Engineering Data Management 6.1.3.0/6.2.2.0 Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Web Services Security). | 4.8 |
| 2017-05-04 | CVE-2017-3730 | NULL Pointer Dereference vulnerability in multiple products In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. | 7.5 |
| 2017-04-06 | CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. | 9.8 |
| 2016-10-25 | CVE-2016-5518 | Unspecified vulnerability in Oracle Agile Engineering Data Management 6.1.3.0/6.2.0.0 Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to webfileservices. | 8.1 |
| 2016-07-21 | CVE-2016-3468 | Unspecified vulnerability in Oracle Agile Engineering Data Management 6.1.3.0/6.2.0.0 Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install. | 9.8 |
| 2016-04-21 | CVE-2016-3428 | Unspecified vulnerability in Oracle Agile Engineering Data Management 6.1.3.0/6.2.0.0 Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface. high complexity oracle | 3.1 |