Identity Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-21	CVE-2021-2457	Unspecified vulnerability in Oracle Identity Manager 11.1.2.3.0 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). network low complexity oracle	5.0
2021-07-21	CVE-2021-2458	Unspecified vulnerability in Oracle Identity Manager Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). network oracle	4.9
2020-01-15	CVE-2020-2729	Unspecified vulnerability in Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). network low complexity oracle	5.4
2020-01-15	CVE-2020-2728	Unspecified vulnerability in Oracle Identity Manager 12.2.1.3.0 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). network low complexity oracle	7.5
2019-07-23	CVE-2019-2858	Unspecified vulnerability in Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). network low complexity oracle	4.0
2019-06-19	CVE-2019-2729	Improper Access Control vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). network low complexity oracle CWE-284 critical	9.8
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2018-10-17	CVE-2018-3179	Unspecified vulnerability in Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). network low complexity oracle	6.4
2018-02-06	CVE-2017-15095	Deserialization of Untrusted Data vulnerability in multiple products A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. network low complexity fasterxml debian redhat netapp oracle CWE-502 critical	9.8
2017-10-30	CVE-2017-10151	Unspecified vulnerability in Oracle Identity Manager Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). network low complexity oracle	7.5