Vulnerabilities > Oracle > Enterprise Manager Base Platform > 13.2.1.0

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-1954 Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus.
high complexity
apache oracle netapp
5.3
2020-01-17 CVE-2020-5397 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.
network
low complexity
vmware oracle CWE-352
5.3
2020-01-17 CVE-2020-5398 Download of Code Without Integrity Check vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
network
high complexity
vmware oracle netapp CWE-494
7.5
2019-11-06 CVE-2019-12419 Incorrect Authorization vulnerability in multiple products
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service.
network
low complexity
apache oracle CWE-863
critical
9.8
2019-07-26 CVE-2019-13990 XXE vulnerability in multiple products
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
network
low complexity
softwareag oracle apache netapp atlassian CWE-611
critical
9.8
2019-04-22 CVE-2019-5427 XML Entity Expansion vulnerability in multiple products
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
network
low complexity
mchange fedoraproject oracle CWE-776
7.5