Vulnerabilities > Oracle > Enterprise Manager Base Platform
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-14 | CVE-2020-11972 | Deserialization of Untrusted Data vulnerability in multiple products Apache Camel RabbitMQ enables Java deserialization by default. | 9.8 |
2020-05-14 | CVE-2020-11971 | Apache Camel's JMX is vulnerable to Rebind Flaw. | 7.5 |
2020-05-01 | CVE-2020-10683 | XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. | 9.8 |
2020-04-21 | CVE-2020-1967 | NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
2020-04-15 | CVE-2020-2961 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). | 9.8 |
2020-04-07 | CVE-2020-11620 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | 8.1 |
2020-04-07 | CVE-2020-11619 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | 8.1 |
2020-04-01 | CVE-2020-1954 | Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. | 5.3 |
2020-03-31 | CVE-2020-11113 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). | 8.8 |
2020-03-31 | CVE-2020-11112 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). | 8.8 |