Vulnerabilities > Oracle > Enterprise Manager Base Platform
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-25 | CVE-2018-11039 | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. | 5.9 |
2018-05-11 | CVE-2018-1257 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 6.5 |
2018-04-19 | CVE-2018-2750 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: UI Framework). | 7.1 |
2017-08-08 | CVE-2017-10091 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0/13.1.0/13.2.0 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). | 7.7 |
2017-06-16 | CVE-2017-9735 | Information Exposure Through Discrepancy vulnerability in multiple products Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. | 7.5 |
2017-04-24 | CVE-2017-3518 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0/13.1.0/13.2.0 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). | 7.5 |
2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |
2016-10-25 | CVE-2016-5604 | Improper Access Control vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563. | 6.3 |
2016-07-21 | CVE-2016-3563 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-5604. | 6.3 |
2016-07-21 | CVE-2016-3540 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.1.0.0 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI Framework. | 4.3 |