Oracle Enterprise Manager Base Platform vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Tags | Risk score |
|---|---|---|---|---|---|---|---|
| 2018-06-25 | CVE-2018-11039 | | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. | network | high | vmware oracle debian | 5.9 |
| 2018-05-11 | CVE-2018-1257 | | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | network | low | vmware redhat oracle | 6.5 |
| 2018-04-19 | CVE-2018-2750 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: UI Framework). | network | low | oracle | 7.1 |
| 2017-08-08 | CVE-2017-10091 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0/13.1.0/13.2.0 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). | network | low | oracle | 7.7 |
| 2017-06-16 | CVE-2017-9735 | Information Exposure Through Discrepancy vulnerability in multiple products | Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. | network | low | eclipse debian oracle CWE-203 | 7.5 |
| 2017-04-24 | CVE-2017-3518 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0/13.1.0/13.2.0 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). | network | low | oracle | 7.5 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | network | low | apache netapp redhat oracle CWE-502 | 9.8 (critical) |
| 2016-10-25 | CVE-2016-5604 | Improper Access Control vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5 | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563. | local | low | oracle CWE-284 | 6.3 |
| 2016-07-21 | CVE-2016-3563 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5 | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-5604. | local | low | oracle | 6.3 |
| 2016-07-21 | CVE-2016-3540 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.1.0.0 | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI Framework. | network | low | oracle | 4.3 |