Vulnerabilities > Oracle > Application Testing Suite > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-16 | CVE-2018-3304 | Unspecified vulnerability in Oracle Application Testing Suite Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). | 6.5 |
| 2018-08-31 | CVE-2018-11057 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. | 5.9 |
| 2018-08-31 | CVE-2018-11056 | Resource Exhaustion vulnerability in multiple products RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. | 6.5 |
| 2018-08-31 | CVE-2018-11055 | Improper Resource Shutdown or Release vulnerability in multiple products RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. | 5.5 |
| 2018-08-02 | CVE-2018-8032 | Cross-site Scripting vulnerability in multiple products Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | 6.1 |
| 2018-06-25 | CVE-2018-11039 | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. | 5.9 |
| 2018-05-11 | CVE-2018-1257 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 6.5 |
| 2018-04-06 | CVE-2018-1271 | Path Traversal vulnerability in multiple products Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. | 5.9 |
| 2017-01-27 | CVE-2017-3311 | Unspecified vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2/12.5.0.3 Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). | 5.3 |