Vulnerabilities > Oracle > Enterprise Manager Base Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-21623 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.4.0.0/13.5.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). | 7.5 |
| 2022-07-19 | CVE-2022-21516 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.4.0.0/13.5.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install). | 7.3 |
| 2022-07-19 | CVE-2022-21536 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.4.0.0/13.5.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). | 8.1 |
| 2022-04-21 | CVE-2022-29577 | Cross-site Scripting vulnerability in multiple products OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. | 6.1 |
| 2022-04-19 | CVE-2022-21469 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.4.0.0/13.5.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). | 4.7 |
| 2022-01-19 | CVE-2022-21392 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.4.0.0/13.5.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). | 8.8 |
| 2022-01-18 | CVE-2022-23302 | Deserialization of Untrusted Data vulnerability in multiple products JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. | 8.8 |
| 2022-01-18 | CVE-2022-23305 | SQL Injection vulnerability in multiple products By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. | 9.8 |
| 2022-01-18 | CVE-2022-23307 | Deserialization of Untrusted Data vulnerability in multiple products CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. | 8.8 |
| 2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |