Vulnerabilities > Oracle > Fusion Middleware

DATE CVE VULNERABILITY TITLE RISK
2023-07-18 CVE-2023-21994 Unspecified vulnerability in Oracle Fusion Middleware
Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App).
low complexity
oracle
6.5
2021-07-21 CVE-2021-2351 Session Fixation vulnerability in Oracle products
Vulnerability in the Advanced Networking Option component of Oracle Database Server.
network
high complexity
oracle CWE-384
8.3
2020-11-02 CVE-2020-14750 Unspecified vulnerability in Oracle Fusion Middleware
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
network
low complexity
oracle
7.5
2020-09-19 CVE-2020-5421 In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
network
high complexity
vmware oracle netapp
6.5
2020-05-01 CVE-2020-10683 XXE vulnerability in multiple products
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.
network
low complexity
dom4j-project oracle opensuse netapp canonical CWE-611
critical
9.8
2019-11-08 CVE-2019-10219 Cross-site Scripting vulnerability in multiple products
A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle CWE-79
6.1
2019-08-20 CVE-2019-10086 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects.
7.3
2018-08-02 CVE-2018-3109 Unspecified vulnerability in Oracle Fusion Middleware 12.2.1.2/12.2.1.3
Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder).
network
low complexity
oracle
4.0
2018-08-02 CVE-2018-3108 Unspecified vulnerability in Oracle Fusion Middleware 12.2.1.2/12.2.1.3
Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service).
network
oracle
3.5
2018-02-28 CVE-2018-1304 The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition.
network
high complexity
apache redhat debian canonical oracle
5.9