Vulnerabilities > Oracle > JD Edwards Enterpriseone Tools
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-18 | CVE-2018-2946 | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). network oracle | 5.8 |
| 2018-07-18 | CVE-2018-2945 | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). network oracle | 5.8 |
| 2018-07-18 | CVE-2018-2944 | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). | 5.0 |
| 2018-05-24 | CVE-2018-8013 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. | 9.8 |
| 2018-02-06 | CVE-2017-15095 | Deserialization of Untrusted Data vulnerability in multiple products A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | 9.8 |
| 2018-01-18 | CVE-2015-9251 | Cross-site Scripting vulnerability in multiple products jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | 6.1 |
| 2018-01-18 | CVE-2018-2659 | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). network oracle | 5.8 |
| 2018-01-18 | CVE-2018-2658 | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). network oracle | 5.8 |
| 2017-12-01 | CVE-2017-15707 | Improper Input Validation vulnerability in multiple products In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | 5.0 |
| 2017-11-13 | CVE-2016-8610 | Resource Exhaustion vulnerability in multiple products A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. | 7.5 |