Fusion Middleware Mapviewer

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-13	CVE-2021-29425	Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. network high complexity apache debian oracle netapp CWE-22	4.8
2021-02-24	CVE-2020-11987	Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. network low complexity apache fedoraproject oracle debian CWE-918	8.2
2020-11-12	CVE-2019-17566	Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. network low complexity apache oracle CWE-918	7.5
2020-07-15	CVE-2020-14608	Unspecified vulnerability in Oracle Fusion Middleware Mapviewer 12.2.1.3.0 Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). network low complexity oracle	8.2
2020-07-15	CVE-2020-14607	Cross-site Scripting vulnerability in Oracle Fusion Middleware Mapviewer 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). network low complexity oracle CWE-79	6.1
2019-11-08	CVE-2019-10219	Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. network low complexity redhat netapp oracle CWE-79	6.1
2019-07-26	CVE-2019-13990	XXE vulnerability in multiple products initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. network low complexity softwareag oracle apache netapp atlassian CWE-611 critical	9.8
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2018-07-18	CVE-2018-2943	Unspecified vulnerability in Oracle Fusion Middleware Mapviewer 12.2.1.2.0/12.2.1.3.0 Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). network low complexity oracle critical	9.8
2018-05-24	CVE-2018-8013	Deserialization of Untrusted Data vulnerability in multiple products In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. network low complexity apache debian canonical oracle CWE-502 critical	9.8