Vulnerabilities > Oracle > JD Edwards Enterpriseone Tools

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-2945 Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).
network
low complexity
oracle
6.1
2018-07-18 CVE-2018-2944 Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics).
network
low complexity
oracle
7.5
2018-05-24 CVE-2018-8013 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class.
network
low complexity
apache debian canonical oracle CWE-502
critical
9.8
2018-02-06 CVE-2017-15095 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian redhat netapp oracle CWE-502
critical
9.8
2018-01-18 CVE-2015-9251 Cross-site Scripting vulnerability in multiple products
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
network
low complexity
jquery oracle CWE-79
6.1
2018-01-18 CVE-2018-2659 Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC).
network
low complexity
oracle
6.1
2018-01-18 CVE-2018-2658 Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC).
network
low complexity
oracle
6.1
2017-12-01 CVE-2017-15707 Improper Input Validation vulnerability in multiple products
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
local
low complexity
apache netapp oracle CWE-20
6.2
2017-11-13 CVE-2016-8610 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. 7.5
2017-05-04 CVE-2017-3730 NULL Pointer Dereference vulnerability in multiple products
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash.
network
low complexity
openssl oracle CWE-476
7.5