Vulnerabilities > Oracle > Fusion Middleware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-18 CVE-2023-21994 Unspecified vulnerability in Oracle Fusion Middleware
Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App).
low complexity
oracle
6.5
2020-09-19 CVE-2020-5421 In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
network
high complexity
vmware oracle netapp
6.5
2019-11-08 CVE-2019-10219 Cross-site Scripting vulnerability in multiple products
A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle CWE-79
6.1
2018-08-02 CVE-2018-3109 Unspecified vulnerability in Oracle Fusion Middleware 12.2.1.2/12.2.1.3
Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder).
network
low complexity
oracle
4.0
2018-02-28 CVE-2018-1304 The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition.
network
high complexity
apache redhat debian canonical oracle
5.9
2018-02-23 CVE-2018-1305 Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded.
network
low complexity
apache debian canonical oracle
6.5
2016-01-21 CVE-2016-0470 Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9/12.2.1
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to BI Publisher Security.
network
low complexity
oracle
5.5
2016-01-21 CVE-2016-0464 Remote Security vulnerability in Oracle Fusion Middleware 10.3.6/12.1.2.0/12.1.3.0
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console.
network
oracle
4.3
2016-01-21 CVE-2016-0441 Remote Security vulnerability in Oracle Fusion Middleware 3.1.2
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server.
network
high complexity
oracle
6.8
2016-01-21 CVE-2016-0439 Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9
Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0430.
network
low complexity
oracle
5.0